Chris Evans discovered that libungif 4.1.4 fixed potentially sensitive issues
that may be used to execute arbitrary code.
These issues were initially discovered by Daniel Eisenbud and silently fixed in
Mamoru: this is a semi-public issue, could you silently add 4.1.4 to the tree so
that we are ready to disclose it by the coordinated date (2005/10/28, 1400 UTC)
libungif is dead
only giflib should be updated and libungif should be masked
Release date is now set to 2005/11/03
CVE Ids :
CVE-2005-2974 libungif NULL pointer deref
CVE-2005-3350 libungif OOB access
usata/vapier: please bump
giflib-4.1.4 now in portage
Ccing security liaisons...
Please test and mark 4.1.4 stable, so that's the ebuild is ready at GLSA release
Stable on ppc and hppa.
Stable on alpha.
Marked ppc64 stable (and urt)
Adding halcyon to handle x86 stable marking.
Embargo ended, ready to send.
mips should mark giflib-4.1.4 ~
ppc-macos should test and mark giflib-4.1.4 stable
Hm. in fact mips should even test and mark stable.
I had to stable the follow packages to stable giflib-4.1.4:
Note: I encountered bug #111455 but ignored it for now and stabled giflib.
mips should mark stable to benefit from GLSA
Stable on mips.