[Git][security-tracker-team/security-tracker][master] giflib ospu

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 22:10:21 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b748dcc5 by Moritz Mühlenhoff at 2026-06-27T23:09:42+02:00
giflib ospu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -65450,6 +65450,7 @@ CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
 	{DLA-4650-1}
 	- giflib 6.1.3-1 (bug #1131368)
 	[trixie] - giflib <no-dsa> (Minor issue)
+	[bookworm] - giflib <no-dsa> (Minor issue)
 	NOTE: https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
 	NOTE: https://sourceforge.net/p/giflib/bugs/199/
 	NOTE: https://sourceforge.net/p/giflib/bugs/201/
@@ -69353,6 +69354,7 @@ CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result o
 	{DLA-4650-1}
 	- giflib 6.1.3-1 (bug #1130495)
 	[trixie] - giflib <no-dsa> (Minor issue)
+	[bookworm] - giflib <no-dsa> (Minor issue)
 	NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
 	NOTE: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
 CVE-2026-23674 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -206,3 +206,7 @@ CVE-2026-8177
 	[bookworm] - libxml-libxml-perl 2.0207+dfsg+really+2.0134-1+deb12u1
 CVE-2026-34743
 	[bookworm] - xz-utils 5.4.1-2+deb12u1
+CVE-2026-26740
+	[bookworm] - giflib 5.2.1-2.5+deb12u1
+CVE-2026-23868
+	[bookworm] - giflib 5.2.1-2.5+deb12u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/3cd2f687/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list