Bugzilla – Bug 1216403
VUL-0: CVE-2023-46009: gifsicle: floating point exception vulnerability via resize_stream at src/xform.c
Last modified: 2024-06-27 23:00:29 UTC
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46009
Tracking as affected:
- openSUSE:Backports:SLE-15-SP4/gifsicle (v1.93)
- openSUSE:Backports:SLE-15-SP5/gifsicle (v1.93)
- openSUSE:Factory/gifsicle (v1.94)
Upstream issue: https://github.com/kohler/gifsicle/issues/196
Upstream fixes:
https://github.com/kohler/gifsicle/commit/06d533628b1f3a75d06cbb29773dc6aaa2916fc3
https://github.com/kohler/gifsicle/commit/76b1f021dd185ceff7b4a71a9f96a6026aca06af
This is fixed in gifsicle 1.95, which has been incorporated in
- openSUSE:Backports:SLE-15-SP6
- openSUSE:Factory
Reopening: Missing in Leap 15.6. Please process incoming submission or fix in Leap 15.6 in your chosen way. (bug 1225537)
Hmm, there was https://build.opensuse.org/request/show/1152098 and so the version 1.95 does appear in the "Inherited packages" section of https://build.opensuse.org/project/show/openSUSE:Leap:15.6#tab-pane-inherited-packages. I'm surprised that version 1.95 should be missing in Leap 15.6?
Or do you mean Leap 15.5? Yes, I did no maintenance request for Leap 15.5, as the mentioned bug seemed not terribly crucial to me. But backporting would be fine by me.
Yes, sorry, the diff was reversed. Missing in 15.5. https://build.opensuse.org/request/show/1177406
openSUSE-SU-2024:0146-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1216403
CVE References: CVE-2023-46009
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): gifsicle-1.95-bp155.3.6.1
Leap 15.5 is fixed now as well, so we can close this bug.