Package: php5
Version: 5.2.6.dfsg.1-1+lenny3
Severity: normal
Tags: patch

CVE-2008-5498 describes a potential remote vulnerability in imageRotate:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498

A PCI scan found this a Medium severity and I need this fixed to pass the scan.

Patch from upstream:
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.23&r2=1.90.2.1.2.24&sortby=date&view=patch

--- /repository/php-src/ext/gd/libgd/gd.c 2008/07/31 09:22:17 1.90.2.1.2.23 +++ /repository/php-src/ext/gd/libgd/gd.c 2008/12/10 13:33:10 1.90.2.1.2.24 @@ -3136,7 +3136,7 @@ return NULL; } - if (!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { + if (!gdImageTrueColor(src) && (clrBack < 0 || clrBack>=gdImageColorsTotal(src))) { return NULL; }

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: powerpc (ppc64)

Kernel: Linux 2.6.26-2-powerpc64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
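
Review bot: the widened condition `(clrBack < 0 || clrBack>=gdImageColorsTotal(src))` closes the missing lower bound at this one site only, and the `@@ -3136,7 +3136,7 @@` header carries no function context, so it should be confirmed that every other place in gd.c that accepts clrBack for a non-truecolor image applies the same two-sided range check. Moving the check into a single helper or macro would keep the lower and upper bounds from drifting apart again. The rejected case still ends in a bare `return NULL;` with no diagnostic, so the callers of this function need to handle a NULL result, and a regression test that passes a negative clrBack with a palette image would pin the behaviour down. A short comment above the condition saying that clrBack is range-checked against the palette size would also help the next reader.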

