Accepted libgd2 2.0.28-3ubuntu1 (source)
Martin Pitt
mpitt at debian.org
Fri Oct 29 02:10:02 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 28 Oct 2004 18:13:08 +0200
Source: libgd2
Binary: libgd2-dev libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2 libgd2-xpm-dev libgd-tools
Architecture: source
Version: 2.0.28-3ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <mpitt at debian.org>
Description:
libgd-tools - GD command line tools and example code
libgd2 - GD Graphics Library version 2
libgd2-dev - GD Graphics Library version 2 (development version)
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Changes:
libgd2 (2.0.28-3ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: fix potential buffer overflows (Warty bug #2810)
* gd_png.c, gdImagePngCtxEx():
- gdMalloc() was called with a size calculated by multiplying
user-supplied values without overflow checking, leading to potential
buffer overflows
- fixed forgotten return statements on failed gdMalloc(), causing writing
to uninitialized memory if allocation failed
* References:
CAN-2004-0990
http://www.securityfocus.com/archive/1/379382
Files:
c1df3a35652703ea52ac02d2d569b411 848 libs optional libgd2_2.0.28-3ubuntu1.dsc
c5141fde714723d83b4c5856a712cdd2 14843 libs optional libgd2_2.0.28-3ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBgewcDecnbV4Fd/IRAuoQAKCvf4GnFw2SY0wkF22drtGy82A5fACfQ6tL
hvqhAyG6AtbZaEjRN9ExRUY=
=8ULs
-----END PGP SIGNATURE-----
Accepted:
libgd2_2.0.28-3ubuntu1.diff.gz
to pool/main/libg/libgd2/libgd2_2.0.28-3ubuntu1.diff.gz
libgd2_2.0.28-3ubuntu1.dsc
to pool/main/libg/libgd2/libgd2_2.0.28-3ubuntu1.dsc
More information about the hoary-changes
mailing list