Hi Balint, thank you for the report. There are actually more security bugs piled up, and I am preparing the GD 2.2.4 release to fix them all. Unfortunately (or fortunately) not all security bugs are public, so it's hard to upload fixes without exposing them.
I would like to have an update ready before the end of the year.

Cheers,
--
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – flours from the mill and supplies for baking bread of all kinds

On Thu, Dec 22, 2016, at 03:31, Balint Reczey wrote:
> Package: libgd2
> Severity: serious
> Tags: security
>
> Hi,
>
> the following vulnerability was published for libgd2.
>
> CVE-2016-9933[0]:
> imagefilltoborder stackoverflow on truecolor images
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9933
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
> Please adjust the affected versions in the BTS as needed.
>
> --
> pkg-GD-devel mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel

