- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Tobias Frost
- Date:
- 2026-06-27 14:11:05 UTC
- Severity:
- normal
- Tags:
As part of the LTS team I've updated giflib for LTS and ELTS. This fixes two CVEs which are marked no-DSA. Related update for trixie-proposed-update, #1140102, was prepared by jmm. The difference for CVE-2026-26740 is that upstream has now a dedicated commit to fix this issue [1] and I am choosing this version over the maintainer fix. [1] https://sourceforge.net/p/giflib/code/ci/061605081115bbfd7019bafc119a13b6f17fcf25 Build and tests are fine in debusine. [2] [2] https://debusine.debian.net/debian/developers/work-request/893443/ I'm going to upload the changes after sending this mail.
package release.debian.org tags 1140777 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: giflib Version: 5.2.1-2.5+deb12u1 Explanation: fix memory corruption issues [CVE-2026-23868 CVE-2026-26740]
package release.debian.org tags 1140777 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: giflib Version: 5.2.1-2.5+deb12u1 Explanation: fix memory corruption issues [CVE-2026-23868 CVE-2026-26740]