-
libgd2 (2.1.1-4ubuntu0.16.04.12) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
to crash an application via a specific function call sequence
- debian/patches/CVE-2018-14553.patch: remove manual style copy from
src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
- CVE-2018-14553
* SECURITY UPDATE: possible read of uninitialized variable in
gdImageCreateFromXbm()
- debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
input in src/gd_xbm.c.
- debian/patches/CVE-2019-11038-test.patch: add a test for
CVE-2019-11038.patch.
- debian/patches/CVE-2019-11038-test-functions.patch: add functions for
CVE-2019-11038-test.patch.
- CVE-2019-11038
-- Avital Ostromich <email address hidden> Thu, 26 Mar 2020 13:51:51 -0400
-
libgd2 (2.1.1-4ubuntu0.16.04.11) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow in gdImageColorMatch
- debian/patches/CVE-2019-6977.patch: use gdMaxColors in
src/gd_color_match.c.
- CVE-2019-6977
* SECURITY UPDATE: double-free in gdImage*Ptr() functions
- debian/patches/CVE-2019-6978.patch: properly handle failure in
src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c.
- CVE-2019-6978
-- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:35:55 -0500
-
libgd2 (2.1.1-4ubuntu0.16.04.10) xenial-security; urgency=medium
* SECURITY UPDATE: Double free
- debian/patches/CVE-2018-1000222.patch: fix in
src/gd_bmp.c.
- CVE-2018-1000222
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2018-5711.patch: fix in
src/gd_gif_in.c.
- CVE-2018-5711
-- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 12:13:57 -0300
-
libgd2 (2.1.1-4ubuntu0.16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: Double-free memory
- debian/patches/CVE-2017-6362.patch: introduces a static
helper to check failure or success in src/gd_png.c also
adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am,
tests/png/bug00381_1.c, tests/png/bug00381_2.c.
- CVE-2017-6362
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Sep 2017 17:23:24 -0300
-
libgd2 (2.1.1-4ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: memory read vulnerability in GIF
- debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
information leak and adding test in src/gd_gif_in.c,
tests/gif/CMakeLists.txt, tests/MakeModule.am,
tests/gif/uninitialized_memory_read.c,
tests/gif/unitialized_memory_read.gif.
- CVE-2017-7890
-- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Aug 2017 15:59:01 -0300
-
libgd2 (2.1.1-4ubuntu0.16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: potential unsigned underflow
- debian/patches/CVE-2016-10166.patch: refactor loop in
src/gd_interpolation.c.
- CVE-2016-10166
* SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
- debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
- CVE-2016-10167
* SECURITY UPDATE: signed integer overflow in gd_io.c
- debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
- CVE-2016-10168
* SECURITY UPDATE: OOB reads of the TGA decompression buffer
- debian/patches/CVE-2016-6906-pre1.patch: fix coverty warning in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-1.patch: check for overflow in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-2.patch: add another overflow check in
src/gd_tga.c.
- CVE-2016-6906
* SECURITY UPDATE: double-free in gdImageWebPtr()
- debian/patches/CVE-2016-6912.patch: add helper function to indicate
failure in src/gd_webp.c.
- CVE-2016-6912
* SECURITY UPDATE: DoS via oversized image
- debian/patches/CVE-2016-9317.patch: check for oversized images in
src/gd.c.
- CVE-2016-9317
* SECURITY UPDATE: DoS via stack consumption
- debian/patches/CVE-2016-9933.patch: check for invalid colors in
src/gd.c.
- CVE-2016-9933
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2017 10:29:32 -0500
-
libgd2 (2.1.1-4ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via invalid read in
gdImageCreateFromTiffPtr()
- debian/patches/CVE-2016-6911.patch: check out of bounds reads in
src/gd_io_dp.c, check return code in src/gd_tiff.c.
- CVE-2016-6911
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow in gdImageWebpCtx
- debian/patches/CVE-2015-7568.patch: check for overflow in
src/gd_webp.c.
- CVE-2016-7568
* SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
- debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
signed to unsigned conversion in src/gd_io_dp.c.
- CVE-2016-8670
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 14:16:31 +0200
-
libgd2 (2.1.1-4ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: out of bounds read in TGA file parsing
- debian/patches/CVE-2016-6132.patch: properly validate image data in
src/gd_tga.c.
- CVE-2016-6132
* SECURITY UPDATE: OOB or OOM in gdImageScale
- debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
and check return codes in src/gd.c, src/gd_interpolation.c.
- CVE-2016-6207
* SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
bpp/alphabit combinations
- debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
- CVE-2016-6214
-- Marc Deslauriers <email address hidden> Tue, 09 Aug 2016 09:38:28 -0400
-
libgd2 (2.1.1-4ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: stack overflow with large names
- debian/patches/CVE-2016-5116.patch: properly handle names in
src/gd_xbm.c.
- CVE-2016-5116
* SECURITY UPDATE: integer overflow in _gd2GetHeader()
- debian/patches/CVE-2016-5766.patch: check for overflow in
src/gd_gd2.c.
- CVE-2016-5766
* SECURITY UPDATE: denial of service via invalid color index
- debian/patches/CVE-2016-6128.patch: check color index in
src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
tests/gdimagecrop/php_bug_72494.c.
- CVE-2016-6128
* SECURITY UPDATE: out of bounds read of masks array
- debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
src/gd_gif_out.c.
- CVE-2016-6161
-- Marc Deslauriers <email address hidden> Fri, 08 Jul 2016 14:22:56 -0400
-
libgd2 (2.1.1-4ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted imagefilltoborder call
- debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
- CVE-2015-8874
* SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
- debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
src/gd_interpolation.c.
- CVE-2015-8877
* SECURITY UPDATE: denial of service and possible code execution via
crafted compressed gd2 data
- debian/patches/CVE-2016-3074.patch: perform range checking in
src/gd_gd2.c.
- CVE-2016-3074
-- Marc Deslauriers <email address hidden> Thu, 26 May 2016 09:22:19 -0400
-
libgd2 (2.1.1-4build2) xenial; urgency=medium
* Rebuild against libvpx3.
-- Colin Watson <email address hidden> Thu, 07 Jan 2016 00:57:20 +0000
-
libgd2 (2.1.1-4build1) wily; urgency=medium
* No-change rebuild against new libvpx
-- Iain Lane <email address hidden> Fri, 24 Jul 2015 17:58:20 +0100
