[ubuntu/zesty-proposed] libgd2 2.2.1-1ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Nov 1 19:00:16 UTC 2016
libgd2 (2.2.1-1ubuntu4) zesty; urgency=medium
* SECURITY UPDATE: denial of service via invalid read in
gdImageCreateFromTiffPtr()
- debian/patches/CVE-2016-6911.patch: check out of bounds reads in
src/gd_io_dp.c, check return code in src/gd_tiff.c.
- CVE-2016-6911
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow in gdImageWebpCtx
- debian/patches/CVE-2015-7568.patch: check for overflow in
src/gd_webp.c.
- CVE-2016-7568
* SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
- debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
signed to unsigned conversion in src/gd_io_dp.c.
- CVE-2016-8670
Date: Tue, 01 Nov 2016 14:44:48 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libgd2/2.2.1-1ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 01 Nov 2016 14:44:48 -0400
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg
Architecture: source
Version: 2.2.1-1ubuntu4
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libgd-dbg - Debug symbols for GD Graphics Library
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd3 - GD Graphics Library
Changes:
libgd2 (2.2.1-1ubuntu4) zesty; urgency=medium
.
* SECURITY UPDATE: denial of service via invalid read in
gdImageCreateFromTiffPtr()
- debian/patches/CVE-2016-6911.patch: check out of bounds reads in
src/gd_io_dp.c, check return code in src/gd_tiff.c.
- CVE-2016-6911
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow in gdImageWebpCtx
- debian/patches/CVE-2015-7568.patch: check for overflow in
src/gd_webp.c.
- CVE-2016-7568
* SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
- debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
signed to unsigned conversion in src/gd_io_dp.c.
- CVE-2016-8670
Checksums-Sha1:
6e75746e0a7ade76c1920e6a73c91890db110b7e 2303 libgd2_2.2.1-1ubuntu4.dsc
cf749fbdfd8e9d90d23066b6955886b88f330939 30228 libgd2_2.2.1-1ubuntu4.debian.tar.xz
Checksums-Sha256:
6b062c93b41244edb6c195e9582364703fe00b00c393ad81170bb3347ee41457 2303 libgd2_2.2.1-1ubuntu4.dsc
ed395cb9b138397e63fabfa2d63e7771d7c08be328ee82eede30c1f15fb37e64 30228 libgd2_2.2.1-1ubuntu4.debian.tar.xz
Files:
c13a5503c3effb64e6046390a14e30dc 2303 graphics optional libgd2_2.2.1-1ubuntu4.dsc
273a6dfa8530844757d58e084a888dc1 30228 graphics optional libgd2_2.2.1-1ubuntu4.debian.tar.xz
Original-Maintainer: GD team <pkg-gd-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYGOWAAAoJEGVp2FWnRL6Tv3AP/io8DjQ4FmvkR7SGcWFcNkVs
JPHbVFvBh68MJ1IB0pLimddvoOXtTKWxCCDLZndZjQlGidDpUc7v/3GIup417Dvt
OX/LUkskhdZqR3xR8yXnKNloisKP3Hc2ZK95X+nD/O4NmTtMT0bxqXwLc7ivhDwk
sFUNx6L8qZz1tY9zh5aXfJ99c8WquzshOoF9jdpOXcZ7U72l0w1xqs1r0kp3pbUN
HomNuHY0qECCKLt6mPxxX1+yXnRmwVm+l68PkUXaK0fvTA7CifMOszwUn31qyDLs
Moysmsan9aMnkm1CFAosyrBUjqmH1HSL66De3w/KB8IwFzSfEnRN57g7B/CX9GUr
4wrXQLWs3+Ag3L/VM/A86ETdM1pyPjdk5mLS6oXMylJEoIQPkCkoAGKs+wFMKArF
05Upk+Jg4aCUWBkw/TBUQPkSvyoik7Kui5T+5w6qZN9ZwsYocW0VeG8NRik4ILhl
VoYZXrxyB2G4CpjZAzaTl46rCkqCYLnwXGOzQ0NXfjG6lKW9Wt9gpKrc9l9BsgO3
nzod64dTOsrMQ1hPXI1+KhWV3Q3r5RxWPYrPixVUjFYNbTaF51h7cHPjiydg/KlV
22dzY+0cI3ggZsnNybQk31EzYkLH4k6etbxRgE5lKpPxczqj1c7h+u42AY0b+S80
jfxqb0LItFJugaJhTKbM
=50RR
-----END PGP SIGNATURE-----
More information about the Zesty-changes
mailing list