[pkg-GD-devel] Bug#849038: Bug#849038: libgd2: CVE-2016-9933: imagefilltoborder stackoverflow on truecolor images
Ondřej Surý
ondrej at sury.org
Thu Dec 22 13:36:28 UTC 2016
Hi Balint,
thank you for the report. There are actually more security bugs piled up,
and I am preparing GD 2.2.4 release to fix them all. Unfortunately (or
fortunately) not all security bugs are public, so it's hard to upload
fixes without exposing them.
I would like to have an update ready before the end of the year.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Flours from the mill and supplies for
baking bread of all kinds
On Thu, Dec 22, 2016, at 03:31, Balint Reczey wrote:
> Package: libgd2
> Severity: serious
> Tags: security
>
> Hi,
>
> the following vulnerability was published for libgd2.
>
> CVE-2016-9933[0]:
> imagefilltoborder stackoverflow on truecolor images
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9933
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
> Please adjust the affected versions in the BTS as needed.
>
> --
> pkg-GD-devel mailing list
> pkg-GD-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel