[ubuntu/dapper-security] libgd2 2.0.33-2ubuntu5.4 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Nov 5 19:03:59 GMT 2009


libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via GIF image with no global color
    map
    - debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
      global color map in gd_gif_in.c.
    - CVE-2007-3475
  * SECURITY UPDATE: denial of service via large color index values
    - debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
      gdMaxColors in gd_gif_in.c.
    - CVE-2007-3476
  * SECURITY UPDATE: denial of service via large start or end angle degree
    value
    - debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
      end values in gd.c.
    - CVE-2007-3477
  * SECURITY UPDATE: denial of service and possible code execution via
    large color index
    - debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
      in gd.c.
    - CVE-2009-3293
  * SECURITY UPDATE: denial of service and possible code execution via GD
    file with large number of colors
    - debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
      colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
    - CVE-2009-3546

Date: Wed, 04 Nov 2009 10:02:17 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Jonas Smedegaard <dr at jones.dk>
https://launchpad.net/ubuntu/dapper/+source/libgd2/2.0.33-2ubuntu5.4
-------------- next part --------------
Format: 1.7
Date: Wed, 04 Nov 2009 10:02:17 -0500
Source: libgd2
Binary: libgd2-dev libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2 libgd2-xpm-dev libgd-tools
Architecture: source
Version: 2.0.33-2ubuntu5.4
Distribution: dapper-security
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libgd-tools - GD command line tools and example code
 libgd2     - GD Graphics Library version 2
 libgd2-dev - GD Graphics Library version 2 (development version)
 libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
 libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
 libgd2-xpm - GD Graphics Library version 2
 libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Changes: 
 libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via GIF image with no global color
     map
     - debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
       global color map in gd_gif_in.c.
     - CVE-2007-3475
   * SECURITY UPDATE: denial of service via large color index values
     - debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
       gdMaxColors in gd_gif_in.c.
     - CVE-2007-3476
   * SECURITY UPDATE: denial of service via large start or end angle degree
     value
     - debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
       end values in gd.c.
     - CVE-2007-3477
   * SECURITY UPDATE: denial of service and possible code execution via
     large color index
     - debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
       in gd.c.
     - CVE-2009-3293
   * SECURITY UPDATE: denial of service and possible code execution via GD
     file with large number of colors
     - debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
       colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
     - CVE-2009-3546
Files: 
 c7ce6a684cc67dbc69f03e03b54b51b2 973 libs optional libgd2_2.0.33-2ubuntu5.4.dsc
 04046c5a93a087f4f5ade0055bbf22cb 258547 libs optional libgd2_2.0.33-2ubuntu5.4.diff.gz


More information about the dapper-changes mailing list