Bug 29458 - gifsicle new security issues fixed upstream in 1.93 (including CVE-2020-19752)
Summary: gifsicle new security issues fixed upstream in 1.93 (including CVE-2020-19752)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-09-13 18:35 CEST by David Walser
Modified: 2021-09-23 23:50 CEST

See Also:
Source RPM: gifsicle-1.92-2.mga8.src.rpm
CVE:
Status comment:

Description David Walser 2021-09-13 18:35:51 CEST
openSUSE has issued an advisory today (September 13):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LT4ZGSUVTVP4M6DZMXIWJ67JSPE3CZI/

The issue is fixed upstream in 1.93:
http://www.lcdf.org/gifsicle/changes.html

Mageia 8 is also affected.

David Walser 2021-09-13 18:36:08 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-09-13 20:55:50 CEST
'gifsicle' has no listed maintainer, and has been committed by various packagers, so no choice but to assign this update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-09-15 10:34:53 CEST
Suggested advisory:
========================

The updated package fixes a security vulnerability on certain resize operations with ‘--resize-method=box’.

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LT4ZGSUVTVP4M6DZMXIWJ67JSPE3CZI/
http://www.lcdf.org/gifsicle/changes.html
========================

Updated package in core/updates_testing:
========================
gifsicle-1.93-1.mga8

from SRPM:
gifsicle-1.93-1.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero

Comment 3 Herman Viaene 2021-09-15 14:23:38 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
Ref bug 23134 for testing and did some reading on the commands.
$ gifsicle --flip-h < P5211854.gif > P5flipped.gif
Both the original and flipped images display correctly with gifview and gwenview.
Then trying to understand it
$ gifdiff -h
‘Gifdiff’ compares two GIF files (either images or animations) for identical
visual appearance. An animation and an optimized version of the same animation
should compare as the same. Gifdiff exits with status 0 if the images are
the same, 1 if they’re different, and 2 if there was some error.
then
$ gifdiff P5211854.gif P5flipped.gif 
frame #0 pixels differ: 0,0 <#2A4540 >#071215
and no more. Is it so clever to detect that the images are essentially the same???
Can't find anything drastically wrong, so OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Len Lawrence 2021-09-15 20:15:04 CEST
mga8, x86_64.

No PoC trail so on with update.

$ gifsicle -e ThoseCats.gif
Split a short animated gif into 70 frames named ThoseCats.gif.000 ... ThoseCats.gif.069.  Many of those showed only the pixels which change from frame to frame.
$ gifview ThoseCats.gif
This presents the animation - start it with keyboard 'a' and stop at any time with 's'.
$ gifsicle --color-info ThoseCats.gif
* ThoseCats.gif 70 images
  logical screen 279x369
  global color table [64]
  |   0: #141922      16: #B7C8E0      32: #EFEBE3      48: #000000
  |   1: #2B3547      17: #BBA98E      33: #E4E9F0      49: #000000
[...]
  |  15: #AB9A88      31: #E7E5E2      47: #000000      63: #000000
  background 32
  loop forever
  + image #0 279x369 transparent 32
    disposal asis delay 0.08s
  + image #1 277x367 at 1,1 transparent 31
    disposal asis delay 0.08s
[...]
  + image #69 277x367 at 1,1 transparent 29
    disposal asis delay 0.08s

Combined a number of gif frames into a single animated gif.
$ gifsicle --colors 256 -m frame*.gif -o new.gif
$ file new.gif
new.gif: GIF image data, version 87a, 597 x 448
$ gifview --min-delay 100 new.gif
'a' started the animation.  's' paused it.  'r' at this point returned to the first frame.
The frames were also viewed as a slideshow by starting gifview without a delay and left-clicking on the frame to advance.

This looks good.

CC: (none) => tarazed25

Comment 5 Len Lawrence 2021-09-15 20:17:31 CEST
Apologies to Herman.  Started my tests a while ago with a long break.

Comment 6 Thomas Andrews 2021-09-17 14:10:13 CEST
Of course I can't speak for him, but it reads to me like Herman would appreciate the confirmation this time, Len.

Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-09-22 23:21:46 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 7 Mageia Robot 2021-09-23 06:52:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0437.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Comment 8 David Walser 2021-09-23 23:50:28 CEST
CVE-2020-19752 was also fixed in this update:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7H3ASG2BD4D4SAUUI6TOLUZYP2QYYHXY/

I'm not entirely certain, but it appears to be a different issue.

Summary: gifsicle new security issue fixed upstream in 1.93 => gifsicle new security issues fixed upstream in 1.93 (including CVE-2020-19752)

