Thanks Salvatore, I'll take care of it tomorrow, and I'll push upstream to release a bugfix release as well.

Cheers,
--
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Supplies for baking bread of all kinds

On Wed, May 18, 2016, at 08:21, Salvatore Bonaccorso wrote:
> Source: libgd2
> Version: 2.1.0-5
> Severity: important
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for libgd2.
>
> CVE-2015-8874[0]:
> | Stack consumption vulnerability in GD in PHP before 5.6.12 allows
> | remote attackers to cause a denial of service via a crafted
> | imagefilltoborder call.
>
> It can be reproduced with the testcase from the php commit.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8874
>
> Please adjust the affected versions in the BTS as needed. I have not
> checked older versions than the one in jessie.
>
> Regards,
> Salvatore
>
> --
> pkg-GD-devel mailing list
> pkg-gd-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel