Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow

To: 820526@bugs.debian.org
Cc: Paolo Greppi <paolo.greppi@libpf.com>, Debian Security Team <team@security.debian.org>
Subject: Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 5 Jun 2018 20:35:56 +0200
Message-id: <[🔎] 20180605183556.GA10487@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 820526@bugs.debian.org
In-reply-to: <146021013436.11607.18333393772787294871.reportbug@eldamar.local>
References: <146021013436.11607.18333393772787294871.reportbug@eldamar.local> <146021013436.11607.18333393772787294871.reportbug@eldamar.local>

Hi

As spotted by Marc Deslauriers, the patch was dropped again in the
5.1.4-0.4 reopening the issue. Looking at the source, the patch is not
applied to 5.1.4 upstream source.

Cc'ing Paolo four douple check/confirming.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: unarchiving 820526, found 820526 in 5.1.4-1, found 820526 in 5.1.4-0.4
Next by Date: Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow
Previous by thread: Processed: unarchiving 820526, found 820526 in 5.1.4-1, found 820526 in 5.1.4-0.4
Next by thread: Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow
Index(es):
- Date
- Thread