
[SECURITY] [DLA 2937-1] gif2apng security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-2937-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
March 07, 2022                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gif2apng
Version        : 1.9+srconly-2+deb9u2
CVE ID         : CVE-2021-45909 CVE-2021-45910 CVE-2021-45911

Three issues have been discovered in gif2apng, a tool for converting animated GIF images to APNG format.

CVE-2021-45909:

    A heap-based buffer overflow vulnerability in the DecodeLZW function.
    It allows an attacker to write a large amount of arbitrary data outside the
    boundaries of a buffer.

CVE-2021-45910:

    A heap-based buffer overflow within the main function. It allows an attacker
    to write data outside of the allocated buffer.

CVE-2021-45911:

    A heap-based buffer overflow in the processing of delays in the main function.

For Debian 9 stretch, these problems have been fixed in version
1.9+srconly-2+deb9u2.

We recommend that you upgrade your gif2apng packages.

For the detailed security status of gif2apng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gif2apng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
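
A fleet check against the fixed version given above, as an added example that is not part of the advisory or of Debian's tooling: it reimplements dpkg's version ordering in Python so that it runs without dpkg installed. The host names and inventory are constructed, and the comparison is only meaningful for Debian 9 stretch hosts.

```python
import re

# Fixed version for Debian 9 stretch, as stated in the advisory.
FIXED = "1.9+srconly-2+deb9u2"

def _order(c):
    """dpkg sort weight of one non-digit character ('' means end of run)."""
    if c == "~":
        return -1  # tilde sorts before everything, even end of string
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a, re.A | re.S).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b, re.A | re.S).groups()
        for i in range(max(len(na), len(nb))):
            diff = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if diff:
                return diff
        diff = int(da or 0) - int(db or 0)  # digit runs compare numerically
        if diff:
            return diff
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision]; the revision follows the last hyphen."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    """Return <0, 0 or >0 as Debian version a sorts before, equal to, after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory, fixed=FIXED):
    """Hosts whose installed gif2apng sorts before the fixed version."""
    return sorted(h for h, v in inventory.items() if v and deb_cmp(v, fixed) < 0)

# Constructed sample inventory of stretch hosts (host -> installed version).
SAMPLE = {"web01": "1.9+srconly-2+deb9u1", "web02": "1.9+srconly-2+deb9u2",
          "build01": "1.9+srconly-2", "ci01": None}

if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```

A plain string comparison would get these cases wrong, which is why the digit runs are compared as integers and `~` is ranked below end of string.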

