libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via GIF image with no global color
map
- debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
global color map in gd_gif_in.c.
- CVE-2007-3475
* SECURITY UPDATE: denial of service via large color index values
- debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
gdMaxColors in gd_gif_in.c.
- CVE-2007-3476
* SECURITY UPDATE: denial of service via large start or end angle degree
value
- debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
end values in gd.c.
- CVE-2007-3477
* SECURITY UPDATE: denial of service and possible code execution via
large color index
- debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
in gd.c.
- CVE-2009-3293
* SECURITY UPDATE: denial of service and possible code execution via GD
file with large number of colors
- debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
- CVE-2009-3546
Date: Wed, 04 Nov 2009 10:02:17 -0500
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Jonas Smedegaard <[email protected]>
https://launchpad.net/ubuntu/dapper/+source/libgd2/2.0.33-2ubuntu5.4
Format: 1.7
Date: Wed, 04 Nov 2009 10:02:17 -0500
Source: libgd2
Binary: libgd2-dev libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2
libgd2-xpm-dev libgd-tools
Architecture: source
Version: 2.0.33-2ubuntu5.4
Distribution: dapper-security
Urgency: low
Maintainer: Jonas Smedegaard <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libgd-tools - GD command line tools and example code
libgd2 - GD Graphics Library version 2
libgd2-dev - GD Graphics Library version 2 (development version)
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Changes:
libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via GIF image with no global color
map
- debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
global color map in gd_gif_in.c.
- CVE-2007-3475
* SECURITY UPDATE: denial of service via large color index values
- debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
gdMaxColors in gd_gif_in.c.
- CVE-2007-3476
* SECURITY UPDATE: denial of service via large start or end angle degree
value
- debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
end values in gd.c.
- CVE-2007-3477
* SECURITY UPDATE: denial of service and possible code execution via
large color index
- debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
in gd.c.
- CVE-2009-3293
* SECURITY UPDATE: denial of service and possible code execution via GD
file with large number of colors
- debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
- CVE-2009-3546
Files:
c7ce6a684cc67dbc69f03e03b54b51b2 973 libs optional libgd2_2.0.33-2ubuntu5.4.dsc
04046c5a93a087f4f5ade0055bbf22cb 258547 libs optional
libgd2_2.0.33-2ubuntu5.4.diff.gz
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes
