Debian has issued an advisory on January 12:
https://www.debian.org/security/2018/dsa-4084

The upstream bug and commit to fix it are linked from here:
https://security-tracker.debian.org/tracker/CVE-2017-1000421

Mageia 5 is also affected.
Submitted 1.88-1.1mga to http://pkgsubmit.mageia.org/ - please test.
Advisory:
========================

Updated gifsicle package fixes security vulnerability:

It was discovered that gifsicle contained a flaw that could lead to arbitrary code execution (CVE-2017-1000421).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000421
https://www.debian.org/security/2018/dsa-4084
========================

Updated packages in core/updates_testing:
========================
gifsicle-1.88-1.1.mga6

from gifsicle-1.88-1.1.mga6.src.rpm
CC: (none) => shlomif
Assignee: shlomif => qa-bugs
Shall I prepare an updated package for mga5 too?
You may. It's your call.
Updated gifsicle on Mageia 6 for 64 bits.
Checked basic functionality:-
Create an animation:
$ gifsicle aninew*.gif --colors 255 > animation.gif
and viewed a five frame animation with ristretto and eom.
$ gifsicle -I curiosity.gif
* curiosity.gif 11 images
  logical screen 1024x1024
  global color table [256]
  background 0
  loop forever
  + image #0 1024x1024
    disposal background delay 0.50s
  + image #1 1024x1024
    local color table [256]
.................
$ gifsicle -e curiosity.gif
gifsicle:curiosity.gif.001: background color not in colormap
..................
$ ls curiosity*
curiosity.gif      curiosity.gif.002  curiosity.gif.005  curiosity.gif.008
curiosity.gif.000  curiosity.gif.003  curiosity.gif.006  curiosity.gif.009
curiosity.gif.001  curiosity.gif.004  curiosity.gif.007  curiosity.gif.010
$ eom curiosity.gif.*
displayed the individual frames on demand.
That looks fine for 64 bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
openSUSE has issued an advisory for this on January 15: https://lists.opensuse.org/opensuse-updates/2018-01/msg00040.html
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0086.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED