aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2022-12-05 13:23:36 +0100
committerBoyuan Yang <byang@debian.org>2022-12-05 14:39:11 +0000
commitf7b7f728043a9eb6dfb2e7e2cb2f898da3da2636 (patch)
tree685a6957286da1a265d2e4e6a66fc68d9fd970cf
parentb60c973e82cdfb4b8ab4d967fbca9fafa79c66d1 (diff)
DLA-3223-1 giflib
Diffstat
-rw-r--r--english/lts/security/2022/dla-3223.data10
-rw-r--r--english/lts/security/2022/dla-3223.wml39
2 files changed, 49 insertions, 0 deletions
diff --git a/english/lts/security/2022/dla-3223.data b/english/lts/security/2022/dla-3223.data
new file mode 100644
index 00000000000..fc56c47b385
--- /dev/null
+++ b/english/lts/security/2022/dla-3223.data
@@ -0,0 +1,10 @@
+<define-tag pagetitle>DLA-3223-1 giflib</define-tag>
+<define-tag report_date>2022-12-05</define-tag>
+<define-tag secrefs>CVE-2018-11490 CVE-2019-15133 Bug#904114</define-tag>
+<define-tag packages>giflib</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+<define-tag fixed-section>no</define-tag>
+
+#use wml::debian::security
+
diff --git a/english/lts/security/2022/dla-3223.wml b/english/lts/security/2022/dla-3223.wml
new file mode 100644
index 00000000000..912b7c9ae87
--- /dev/null
+++ b/english/lts/security/2022/dla-3223.wml
@@ -0,0 +1,39 @@
+<define-tag description>LTS security update</define-tag>
+<define-tag moreinfo>
+<p>This update fixes two file format vulnerabilities in giflib.</p>
+
+<ul>
+
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-11490">CVE-2018-11490</a>
+
+ <p>The <pre>DGifDecompressLine</pre> function in <pre>dgif_lib.c</pre>, as later shipped in
+ <pre>cgif.c</pre> in sam2p 0.49.4, has a heap-based buffer overflow because a
+ certain "<pre>Private-&gt;RunningCode - 2</pre>" array index is not checked. This
+ will lead to a denial of service or possibly unspecified other
+ impact.</p></li>
+
+<li><a href="https://security-tracker.debian.org/tracker/CVE-2019-15133">CVE-2019-15133</a>
+
+ <p>A malformed GIF file triggers a divide-by-zero exception in the
+ decoder function <pre>DGifSlurp</pre> in <pre>dgif_lib.c</pre> if the <pre>height</pre> field of the
+ <pre>ImageSize</pre> data structure is equal to zero.</p></li>
+
+</ul>
+
+<p>For Debian 10 buster, these problems have been fixed in version
+5.1.4-3+deb10u1.</p>
+
+<p>We recommend that you upgrade your giflib packages.</p>
+
+<p>For the detailed security status of giflib please refer to
+its security tracker page at:
+<a href="https://security-tracker.debian.org/tracker/giflib">https://security-tracker.debian.org/tracker/giflib</a></p>
+
+<p>Further information about Debian LTS security advisories, how to apply
+these updates to your system and frequently asked questions can be
+found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/lts/security/2022/dla-3223.data"
+# $Id: $

© 2014-2024 Faster IT GmbH | imprint | privacy policy