[Git][security-tracker-team/security-tracker][master] giflib ospu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 27 22:10:21 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b748dcc5 by Moritz Mühlenhoff at 2026-06-27T23:09:42+02:00
giflib ospu
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -65450,6 +65450,7 @@ CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
{DLA-4650-1}
- giflib 6.1.3-1 (bug #1131368)
[trixie] - giflib <no-dsa> (Minor issue)
+ [bookworm] - giflib <no-dsa> (Minor issue)
NOTE: https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
NOTE: https://sourceforge.net/p/giflib/bugs/199/
NOTE: https://sourceforge.net/p/giflib/bugs/201/
@@ -69353,6 +69354,7 @@ CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result o
{DLA-4650-1}
- giflib 6.1.3-1 (bug #1130495)
[trixie] - giflib <no-dsa> (Minor issue)
+ [bookworm] - giflib <no-dsa> (Minor issue)
NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
NOTE: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
CVE-2026-23674 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -206,3 +206,7 @@ CVE-2026-8177
[bookworm] - libxml-libxml-perl 2.0207+dfsg+really+2.0134-1+deb12u1
CVE-2026-34743
[bookworm] - xz-utils 5.4.1-2+deb12u1
+CVE-2026-26740
+ [bookworm] - giflib 5.2.1-2.5+deb12u1
+CVE-2026-23868
+ [bookworm] - giflib 5.2.1-2.5+deb12u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/3cd2f687/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list