Package        : libgd2
Version        : 2.0.36~rc1~dfsg-6.1+deb7u9
CVE ID         : CVE-2017-7890

Matviy Kotoniy reported that the gdImageCreateFromGifCtx() function, used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack-allocated color map buffers before use, which may result in information disclosure if a specially crafted file is processed.

For Debian 7 "Wheezy", this problem has been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u9.

We recommend that you upgrade your libgd2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
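
The bug class described above, as an added example that is not libgd2's code or part of the original advisory: a color map buffer that is only partly filled from the file and then used in full, shown without and with the zeroing step. All names are hypothetical; the working buffer is passed in and pre-filled with 0xAA so the stale contents are deterministic (in the advisory it is a stack array), and the model assumes the decoder publishes the full 256-entry palette.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COLORS 256                 /* a GIF color table has at most 256 entries */
#define MAP_BYTES  (3 * MAX_COLORS)    /* one R, G, B byte per entry */

/* Copy `ncolors` RGB triples from `src` into the working buffer `map`, then
 * publish all MAX_COLORS entries to `palette`. `zero_first` selects the
 * hardened behaviour. Returns 0 on success, -1 on a bad or truncated table. */
static int load_color_map(const unsigned char *src, size_t src_len, size_t ncolors,
                          unsigned char map[MAP_BYTES],
                          unsigned char palette[MAP_BYTES], int zero_first)
{
    if (ncolors > MAX_COLORS || src_len < 3 * ncolors)
        return -1;
    if (zero_first)
        memset(map, 0, MAP_BYTES);     /* the missing step: clear before use */
    memcpy(map, src, 3 * ncolors);     /* only the entries the file supplies */
    memcpy(palette, map, MAP_BYTES);   /* entries >= ncolors come from old `map` */
    return 0;
}

/* Count non-zero palette bytes beyond the entries the file supplied. */
static size_t stale_bytes(const unsigned char palette[MAP_BYTES], size_t ncolors)
{
    size_t n = 0;
    for (size_t i = 3 * ncolors; i < MAP_BYTES; i++)
        n += palette[i] != 0;
    return n;
}

/* One decode over a buffer holding 0xAA, standing in for earlier stack data. */
size_t demo_stale_bytes(int zero_first)
{
    static const unsigned char table[] = { 255,0,0, 0,255,0 }; /* constructed: 2 colors */
    unsigned char map[MAP_BYTES], palette[MAP_BYTES];
    memset(map, 0xAA, MAP_BYTES);
    if (load_color_map(table, sizeof table, 2, map, palette, zero_first) != 0)
        return (size_t)-1;
    return stale_bytes(palette, 2);
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", demo_stale_bytes(0));
    printf("with zeroing:    %zu stale bytes\n", demo_stale_bytes(1));
    return 0;
}
```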