[Git][security-tracker-team/security-tracker][master] Track fixed version for giflib issues

Sun May 31 19:37:57 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15314667 by Salvatore Bonaccorso at 2026-05-31T20:37:46+02:00
Track fixed version for giflib issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45402,7 +45402,7 @@ CVE-2026-26948 (Dell Integrated Dell Remote Access Controller 9, 14G versions pr
 CVE-2026-26945 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ...)
-	- giflib <unfixed> (bug #1131368)
+	- giflib 6.1.3-1 (bug #1131368)
 	NOTE: https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
 	NOTE: https://sourceforge.net/p/giflib/bugs/199/
 CVE-2026-25449 (Deserialization of Untrusted Data vulnerability in shinetheme Traveler ...)
@@ -49289,7 +49289,7 @@ CVE-2026-23907 (This issue affects the  ExtractEmbeddedFiles example inApache PD
 	NOTE: Examples are not shipped in the Debian package
 	NOTE: https://lists.apache.org/thread/gyfq5tcrxfv7rx0z2yyx4hb3h53ndffw
 CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result of a sh ...)
-	- giflib <unfixed> (bug #1130495)
+	- giflib 6.1.3-1 (bug #1130495)
 	NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
 	NOTE: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
 CVE-2026-23674 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
@@ -169383,7 +169383,7 @@ CVE-2025-31672 (Improper Input Validation vulnerability in Apache POI. The issue
 	NOTE: https://www.openwall.com/lists/oss-security/2025/04/08/2
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
 CVE-2025-31344 (Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. ...)
-	- giflib <unfixed> (bug #1102520; unimportant)
+	- giflib 6.1.3-1 (bug #1102520; unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/3
 	NOTE: https://sourceforge.net/p/giflib/bugs/176/
 	NOTE: Fixed by: https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af/ (6.1.1)
@@ -229303,7 +229303,7 @@ CVE-2024-46293 (Sourcecodester Online Medicine Ordering System 1.0 is vulnerable
 CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access  ...)
 	NOT-FOR-US: PIX-LINK
 CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
-	- giflib <unfixed> (bug #1084058; unimportant)
+	- giflib 6.1.3-1 (bug #1084058; unimportant)
 	NOTE: https://gitlab.com/mthandazo/project-pov
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1231189#c1
@@ -468429,7 +468429,7 @@ CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch
 CVE-2021-40634
 	RESERVED
 CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5 ...)
-	- giflib 5.2.2-1 (unimportant; bug #1014586)
+	- giflib 6.1.3-1 (unimportant; bug #1014586)
 	NOTE: https://sourceforge.net/p/giflib/bugs/157/
 	NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
 CVE-2021-40632



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15314667e36f554b73ac995027324baf67db0fa8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15314667e36f554b73ac995027324baf67db0fa8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260531/f3750823/attachment.htm>
