109997 2005-10-21 01:17 0000 media-libs/giflib: buffer overflow / null pointer deref 2005-11-20 02:14:59 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED A2 [glsa] P2 major --- 1 koon@gentoo.org security@gentoo.org koon@gentoo.org 2005-10-21 01:17:32 0000 Chris Evans discovered that libungif 4.1.4 fixed potentially sensitive issues that may be used to execute arbitrary code. These issues were initially discovered by Daniel Eisenbud and silently fixed in 4.1.4. koon@gentoo.org 2005-10-21 01:20:57 0000 Mamoru: this is a semi-public issue, could you silently add 4.1.4 to the tree so that we are ready to disclose it by the coordinated date (2005/10/28, 1400 UTC) vapier@gentoo.org 2005-10-21 06:50:15 0000 libungif is dead only giflib should be updated and libungif should be masked koon@gentoo.org 2005-10-21 08:49:21 0000 Release date is now set to 2005/11/03 koon@gentoo.org 2005-10-28 00:37:51 0000 CVE Ids : CVE-2005-2974 libungif NULL pointer deref CVE-2005-3350 libungif OOB access usata/vapier: please bump vapier@gentoo.org 2005-10-28 16:12:56 0000 giflib-4.1.4 now in portage koon@gentoo.org 2005-10-29 02:29:55 0000 Ccing security liaisons... Please test and mark 4.1.4 stable, so that's the ebuild is ready at GLSA release time. hansmi@gentoo.org 2005-10-29 08:55:52 0000 Stable on ppc and hppa. kloeri@gentoo.org 2005-10-29 12:53:56 0000 Stable on alpha. blubb@gentoo.org 2005-10-30 02:53:24 0000 amd64 stable gustavoz@gentoo.org 2005-10-31 07:21:27 0000 sparc stable. ranger@gentoo.org 2005-10-31 07:45:23 0000 Marked ppc64 stable (and urt) koon@gentoo.org 2005-11-03 02:53:58 0000 Adding halcyon to handle x86 stable marking. halcy0n@gentoo.org 2005-11-03 11:56:03 0000 x86 stable koon@gentoo.org 2005-11-04 00:32:48 0000 Embargo ended, ready to send. koon@gentoo.org 2005-11-04 00:44:26 0000 mips should mark giflib-4.1.4 ~ ppc-macos should test and mark giflib-4.1.4 stable koon@gentoo.org 2005-11-04 00:45:05 0000 Hm. in fact mips should even test and mark stable. grobian@gentoo.org 2005-11-04 02:39:30 0000 I had to stable the follow packages to stable giflib-4.1.4: urt-3.1b-r1 ghostscript-7.07.1-r10 media-fonts/gnu-gs-fonts-std-8.11 Note: I encountered bug #111455 but ignored it for now and stabled giflib. koon@gentoo.org 2005-11-04 04:34:10 0000 GLSA 200511-03 mips should mark stable to benefit from GLSA hardave@gentoo.org 2005-11-20 02:14:59 0000 Stable on mips.