Hello community, here is the log from the commit of package gd for openSUSE:Leap:15.2 checked in at 2020-03-20 05:52:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/gd (Old) and /work/SRC/openSUSE:Leap:15.2/.gd.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gd" Fri Mar 20 05:52:22 2020 rev:21 rq:782135 version:2.2.5 Changes: --------
--- /work/SRC/openSUSE:Leap:15.2/gd/gd.changes 2020-01-15 14:59:07.689706908 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.gd.new.3160/gd.changes 2020-03-20 05:52:27.576045626 +0100
@@ -1,0 +2,16 @@
+Wed Mar 4 10:11:21 UTC 2020 - pgaj...@suse.com
+
+- security update
+- added patches
+ fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
+ + gd-CVE-2018-14553.patch
+
+-------------------------------------------------------------------
+Tue Jul 16 09:12:15 UTC 2019 - pgaj...@suse.com
+
+- security update
+- added patches
+ CVE-2019-11038 [bsc#1140120]
+ + gd-CVE-2019-11038.patch
+
+-------------------------------------------------------------------
New: ---- gd-CVE-2018-14553.patch gd-CVE-2019-11038.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ gd.spec ++++++
--- /var/tmp/diff_new_pack.auy8uN/_old 2020-03-20 05:52:27.972045890 +0100
+++ /var/tmp/diff_new_pack.auy8uN/_new 2020-03-20 05:52:27.972045890 +0100
@@ -37,6 +37,10 @@
 Patch5: gd-CVE-2018-1000222.patch
 Patch6: gd-CVE-2019-6978.patch
 Patch7: gd-CVE-2019-6977.patch
+# CVE-2019-11038 [bsc#1140118]
+Patch8: gd-CVE-2019-11038.patch
+# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
+Patch9: gd-CVE-2018-14553.patch
 # needed for tests
 BuildRequires: dejavu
 BuildRequires: libjpeg-devel
@@ -103,6 +107,8 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 chmod 644 COPYING
 %build
++++++ gd-CVE-2018-14553.patch ++++++
diff --git a/src/gd.c b/src/gd.c
index 592a0286..d564d1f9 100644
--- a/src/gd.c
+++ b/src/gd.c
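Review bot: In the first gd.spec hunk, the comment added above `Patch8` cites `bsc#1140118` for CVE-2019-11038, while the gd.changes entry in this same commit cites `bsc#1140120` for the same patch. One of the two is presumably a typo, and the mismatch makes it harder to trace the patch back to a single bug report when auditing which fixes a build contains. The two references should agree, for example `# CVE-2019-11038 [bsc#1140120]` if the changelog value is the correct one.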
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
 }
 }
- if (src->styleLength > 0) {
- dst->styleLength = src->styleLength;
- dst->stylePos = src->stylePos;
- for (i = 0; i < src->styleLength; i++) {
- dst->style[i] = src->style[i];
- }
- }
-
 dst->interlace = src->interlace;
 dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
 if (src->style) {
 gdImageSetStyle(dst, src->style, src->styleLength);
+ dst->stylePos = src->stylePos;
 }
 for (i = 0; i < gdMaxColors; i++) {
++++++ gd-CVE-2019-11038.patch ++++++
diff --git a/src/gd_xbm.c b/src/gd_xbm.c
index 4ca41acf..cf0545ef 100644
--- a/src/gd_xbm.c
+++ b/src/gd_xbm.c
@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
 }
 h[3] = ch;
 }
- sscanf(h, "%x", &b);
+ if (sscanf(h, "%x", &b) != 1) {
+ gd_error("invalid XBM");
+ gdImageDestroy(im);
+ return 0;
+ }
 for (bit = 1; bit <= max_bit; bit = bit << 1) {
 gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
 if (x == im->sx) {
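Review bot: In the second gd.c hunk, the added `dst->stylePos = src->stylePos;` runs whether or not gdImageSetStyle() actually gave `dst` a style buffer. That function returns void and its body is not shown here; if it bails out on allocation failure, the clone would carry a non-zero stylePos with no style array behind it. Guarding the assignment, `if (dst->style) dst->stylePos = src->stylePos;`, or treating that case as a failed clone, keeps the two fields consistent. A comment such as `/* gdImageSetStyle() allocates dst->style; the removed loop wrote through dst->style before it was allocated (CVE-2018-14553) */` would also record why the earlier copy was dropped. gdImageClone starts and ends outside this hunk, so how `dst` is initialised cannot be confirmed from here.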
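Review bot: The new `sscanf(h, "%x", &b) != 1` test in gdImageCreateFromXbm only rejects input where no hex digit can be parsed at all. `%x` still accepts a partial match, as well as leading whitespace or a sign, so a byte pair such as `1Z` converts to 1 and a malformed XBM body is decoded as if it were valid. Checking each collected byte of `h` with `isxdigit((unsigned char)h[k])` before the conversion would reject such input outright; the number of bytes to check depends on the version branch, which lies outside this hunk. The message `"invalid XBM"` could also name the offending data so a rejected file is easier to triage from logs. The function body continues before and after the hunk.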