Package: giflib3g
Version: 3.0-11
Severity: grave
Justification: user security hole

Hello,

It appears that all versions of giflib in Debian (3.0-11 in Sarge, 3.0-12 in Etch/Sid) are vulnerable to CVE-2005-2974 and CVE-2005-3350, which were fixed for giflib and libungif in version 4.1.4 upstream. See:

http://packages.debian.org/changelogs/pool/main/libu/libungif4/current/changelog#year2005

I will submit a diff against 3.0-12 for a proposed NMU to this bug as soon as the BTS gives me a bug number back.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

regards,

--
Kevin B. McCarty <[EMAIL PROTECTED]>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/   Princeton University
GPG: public key ID 4F83C751   Princeton, NJ 08544