Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution. -Gentoo Security Padawan-
@Maintainers, 1.90 already in tree, please call for stabilization when ready. Thank you,
@arches, please stabilize.
x86 can't stabilize due to bug 651924.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ba291ef77b6bee1cc2c9d4ee6c3747efd8ad7c0 commit 9ba291ef77b6bee1cc2c9d4ee6c3747efd8ad7c0 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 17:27:28 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 19:35:09 +0000 media-gfx/gifsicle: stable 1.90 for ppc, bug #648602 Bug: https://bugs.gentoo.org/648602 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" media-gfx/gifsicle/gifsicle-1.90.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
cleanup will occur in bug #655572