-
giflib (5.1.9-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-40633.patch: Clean up memory better at end
of run (CVE-2021-40633)
- debian/patches/CVE-2023-39742.patch: Fix SourceForge bug #153,
segfault in getarg.c
- CVE-2021-40633
- CVE-2023-39742
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2022-28506.patch: Fix heap-buffer overflow
- CVE-2022-28506
-- Giampaolo Fresi Roglia <email address hidden> Thu, 06 Jun 2024 13:50:06 +0200
-
giflib (5.1.9-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/watch: Use https protocol.
[ Andreas Metzler ]
* AUTHORS file not shipped anymore, update debian/*.docs.
* Uses straight make instead of autotools, adapt debian/rules accordingly.
* Use dh 12 compat level.
+ Update debian/copyright, add Format specifier.
[ David Suárez ]
* New upstream version:
- Add myself as maintainer; Closes: #834410.
- Fixes heap-based buffer overflow in DGifDecompressLine function.
CVE-2018-11490 sf#113; Closes: #904114
- Fixes MemorySanitizer: FPE on unknown address;
CVE-2019-15133 sf#119: Closes: #904113
* Acknowledges NMU's uploads.
* d/watch:
- Bump version.
- Don't run uupdate.
- Don't use debian redirector.
* d/patches:
- Drop '03-spelling_fixes.patch' and 'CVE-2016-3977.patch';
Applied upstream.
- Add 'install-only-distributed-binaries-manuals' patch.
- Add 'revert-GifQuantizeBuffer-remove-from-lib' patch.
* d/rules
- Don't force the rebuilding of manpages, the clean rule does the job.
- Remove the txt docs from giflib-tools; Not distributed.
- Remove 'dh_strip --dbgsym-migration'; Not needed anymore.
- Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4.
* giflib-tools.manpages: point to the correct ones.
* d/control:
- Add 'Rules-Requires-Root' field.
- Update Standars version; no changes needed.
- Change VCS URL's.
* d/libgif7.symbols:
- Add 'Build-Depends-Package' field.
- Update symbols.
* d/copyright:
- Remove 'doc/gif87.txt'; Nows not distributed.
- Add myself on debian/* files.
- Add 'upstream-{Name,Contact}'.
* Wrap and sort.
* Add upstream metadata.
* Add lintian overrides for some giflib-tools manpages.
* Add lintian source override for sourceforge redirector.
* Drop libgif7.shlibs; not needed.
-- David Suárez <email address hidden> Sun, 08 Dec 2019 21:18:23 +0100
-
giflib (5.1.4-3ubuntu1) eoan; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-11490.patch: adding checks
in DGifDecompressLine in order to avoid a heap buffer overflow and
a denial of service in lib/dgif_lib.c.
- CVE-2018-11490
* SECURITY UPDATE: Divide-by-zero
- debian/patches/CVE-2019-15133.patch: adding checks bounds
in lib/dgif_lib.c.
- CVE-2019-15133
-- <email address hidden> (Leonidas S. Barbosa) Mon, 19 Aug 2019 15:57:38 -0300