[pkg-GD-devel] Bug#824627: Bug#824627: libgd2: CVE-2015-8874

Ondřej Surý ondrej at sury.org
Thu May 19 19:41:57 UTC 2016


Thanks Salvatore,

I'll take care of it tomorrow, and I'll push upstream to release a
bugfix release as well.

Cheers,
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Bread-baking supplies of
all kinds

On Wed, May 18, 2016, at 08:21, Salvatore Bonaccorso wrote:
> Source: libgd2
> Version: 2.1.0-5
> Severity: important
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for libgd2.
> 
> CVE-2015-8874[0]:
> | Stack consumption vulnerability in GD in PHP before 5.6.12 allows
> | remote attackers to cause a denial of service via a crafted
> | imagefilltoborder call.
> 
> It can be reproduced with the testcase from the php commit.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8874
> 
> Please adjust the affected versions in the BTS as needed. I have not
> checked older versions than the one in jessie.
> 
> Regards,
> Salvatore
