[Git][security-tracker-team/security-tracker][master] Update giflib, unclaim

Arnaud Rebillout (@arnaudr) arnaudr at debian.org
Tue Jun 9 05:37:09 BST 2026 


Arnaud Rebillout pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fac7ef43 by Arnaud Rebillout at 2026-06-09T11:36:28+07:00
Update giflib, unclaim

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -51304,6 +51304,7 @@ CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
 	- giflib 6.1.3-1 (bug #1131368)
 	NOTE: https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
 	NOTE: https://sourceforge.net/p/giflib/bugs/199/
+	NOTE: https://sourceforge.net/p/giflib/bugs/201/  (patch that was applied in Debian unstable)
 CVE-2026-25449 (Deserialization of Untrusted Data vulnerability in shinetheme Traveler ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24063 (When a plugin is installed using the Arturia Software Center (MacOS),  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -175,9 +175,9 @@ gdcm/bullseye (eamanu)
   NOTE: 20260513: New ping to upstream to know about open CVEs.
   NOTE: 20260528: Ping upstream again.
 --
-giflib/bullseye (arnaudr)
+giflib/bullseye
   NOTE: 20260405: Added by Front-Desk (ta)
-  NOTE: 20260405: no upstream fix yet
+  NOTE: 20260609: no upstream fix yet for CVE-2026-26740
 --
 glances/bullseye
   NOTE: 20260518: Added by Front-Desk (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fac7ef4328f5b22ec3a24a38e865498639437629

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fac7ef4328f5b22ec3a24a38e865498639437629
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260609/c18b368f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list