[ubuntu/xenial-security] libgd2 2.1.1-4ubuntu0.16.04.12 (Accepted)
Avital Ostromich
avital.ostromich at canonical.com
Thu Apr 2 20:39:06 UTC 2020
libgd2 (2.1.1-4ubuntu0.16.04.12) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
to crash an application via a specific function call sequence
- debian/patches/CVE-2018-14553.patch: remove manual style copy from
src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
- CVE-2018-14553
* SECURITY UPDATE: possible read of uninitialized variable in
gdImageCreateFromXbm()
- debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
input in src/gd_xbm.c.
- debian/patches/CVE-2019-11038-test.patch: add a test for
CVE-2019-11038.patch.
- debian/patches/CVE-2019-11038-test-functions.patch: add functions for
CVE-2019-11038-test.patch.
- CVE-2019-11038
Date: 2020-03-31 22:47:14.927572+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list