Description: "In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero."

Patch: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/ (see URL)

Affected versions:
- <5.1.8
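A sketch of the defensive check this class of bug calls for, added here as an illustration; it is not code from GIFLIB or from the linked patch. It assumes the division is an overflow test of the form `INT_MAX / height`; the function name, status codes and sample descriptors are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum size_status { SIZE_OK, SIZE_TRUNCATED, SIZE_EMPTY, SIZE_OVERFLOW };

/* Constructed sample image descriptors (the 9 bytes after the 0x2C separator):
 * left, top, width, height as 16-bit little-endian values, then a flags byte. */
static const uint8_t DESC_NORMAL[9] = {0, 0, 0, 0, 0x40, 0x01, 0xF0, 0x00, 0}; /* 320x240 */
static const uint8_t DESC_ZERO_H[9] = {0, 0, 0, 0, 0x40, 0x01, 0x00, 0x00, 0}; /* 320x0 */
static const uint8_t DESC_HUGE[9]   = {0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 0}; /* 65535x65535 */

/* Validate the dimensions and compute the pixel count (hypothetical helper).
 * The empty-dimension test must come first: INT_MAX / height with
 * height == 0 is the divide-by-zero the description refers to. */
enum size_status checked_pixel_count(const uint8_t *d, size_t len, size_t *pixels)
{
    if (len < 9)
        return SIZE_TRUNCATED;              /* descriptor cut short */

    int width  = d[4] | (d[5] << 8);
    int height = d[6] | (d[7] << 8);

    if (width <= 0 || height <= 0)
        return SIZE_EMPTY;                  /* reject before any division */
    if (width > INT_MAX / height)           /* safe: height > 0 here */
        return SIZE_OVERFLOW;               /* width * height would not fit in int */

    *pixels = (size_t)width * (size_t)height;
    return SIZE_OK;
}

int main(void)
{
    size_t n = 0;
    printf("normal:      %d\n", checked_pixel_count(DESC_NORMAL, 9, &n));
    printf("pixels:      %zu\n", n);
    printf("zero height: %d\n", checked_pixel_count(DESC_ZERO_H, 9, &n));
    printf("huge:        %d\n", checked_pixel_count(DESC_HUGE, 9, &n));
    printf("truncated:   %d\n", checked_pixel_count(DESC_NORMAL, 5, &n));
    return 0;
}
```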
*** Bug 707326 has been marked as a duplicate of this bug. ***
Arches please stabilise.
x86 stable
sparc stable
arm stable
ppc stable
amd64 stable
ia64 stable
ppc64 stable
arm64 stable
hppa stable
Thanks arches. @maintainer(s), please cleanup the vulnerable ebuild(s).
Unfortunately cleanup is blocked by dotnet.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5eac496a50b7aeb6e2d156658348ac8cfb505bf

commit d5eac496a50b7aeb6e2d156658348ac8cfb505bf
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 20:55:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 20:55:13 +0000

    media-libs/giflib: security cleanup (bug #711272)

    Bug: https://bugs.gentoo.org/711272
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/giflib/Manifest            |  1 -
 media-libs/giflib/giflib-5.1.4.ebuild | 65 -----------------------------------
 2 files changed, 66 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f63de241ae62ab576ec6c388d7e00879b59c51e8

commit f63de241ae62ab576ec6c388d7e00879b59c51e8
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 20:54:21 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 20:55:12 +0000

    media-libs/giflib: mark s390 stable (bug #711272)

    Bug: https://bugs.gentoo.org/711272
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/giflib/giflib-5.2.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
GLSA Vote: No
Repository is clean, all done!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fa78949e3a48ee281bb462f705debf31b34ac80

commit 1fa78949e3a48ee281bb462f705debf31b34ac80
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 21:29:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 21:30:10 +0000

    Revert "media-libs/giflib: security cleanup (bug #711272)"

    This reverts commit d5eac496a50b7aeb6e2d156658348ac8cfb505bf.

    Bug: https://bugs.gentoo.org/711272
    Bug: https://bugs.gentoo.org/711908
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/giflib/Manifest            |  1 +
 media-libs/giflib/giflib-5.1.4.ebuild | 65 +++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
Re-opening for cleanup :(
Reminder - Maintainer(s), please drop the vulnerable version(s).
(In reply to Andreas Sturmlechner from comment #13)
> Unfortunately cleanup is blocked by dotnet.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4abb3090b49ca462949138c0aeed3387a1473f56

commit 4abb3090b49ca462949138c0aeed3387a1473f56
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-05-16 21:27:09 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-05-16 21:27:09 +0000

    media-libs/giflib: Remove old

    Bug: https://bugs.gentoo.org/711272
    Closes: https://github.com/gentoo/gentoo/pull/15835
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: David Seifert <soap@gentoo.org>

 media-libs/giflib/Manifest            |  1 -
 media-libs/giflib/giflib-5.1.4.ebuild | 65 -----------------------------------
 2 files changed, 66 deletions(-)
Thanks!