[ubuntu/trusty-updates] libgd2 2.1.0-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue May 31 16:28:12 UTC 2016

libgd2 (2.1.0-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted color table in XPM file
    - debian/patches/CVE-2014-2497.patch: avoid null-pointer dereference in
    - CVE-2014-2497
  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-9709-1.patch: fix buffer read overflow in
    - debian/patches/CVE-2014-9709-2.patch: move overflow test outside the
      loop in src/gd_gif_in.c.
    - CVE-2014-9709
  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
    - CVE-2016-3074

Date: 2016-05-26 13:47:18.769005+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list