[pkg-GD-devel] Bug#840806: Bug#840806: closed by Ondřej Surý <ondrej at debian.org> (Bug#840806: fixed in libgd2 2.2.3-87-gd0fec80-1)
Ondřej Surý
ondrej at debian.org
Sun Nov 6 22:47:33 UTC 2016
Hi Salvatore,
you are right. I thought this patch has been already merged into
upstream git,
but it looks like it hasn't. I will upload fixed version to unstable
shortly.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
On Mon, Oct 31, 2016, at 14:16, Salvatore Bonaccorso wrote:
> Control: reopen -1
>
> Hi Ondřej,
>
> While updating the security-tracker information I noticed:
>
> On Mon, Oct 31, 2016 at 10:21:15AM +0000, Debian Bug Tracking System
> wrote:
> [...]
> > + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
> [...]
>
> For the recently uploaded Version 2.2.3-87-gd0fec80-1. But comparing
> this with the patch applied in jessie-security, named
> 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
>
> Is this patch missing for the unstable upload?
>
> I'm reopening the bug just to be on the safe side, but happy to be
> corrected if I'm wrong!
>
> Regards,
> Salvatore
>
> --
> pkg-GD-devel mailing list
> pkg-GD-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel
More information about the pkg-GD-devel
mailing list