Navigation:
Browse pkgsrc
(this page) 2016-08-10 20:12:37 by Benny Siegert | Files touched by this commit (11) |  |
Log message:
Pullup ticket #5080 - requested by sevan
graphics/gd: security fix
Revisions pulled up:
- graphics/gd/Makefile 1.111
- graphics/gd/buildlink3.mk 1.37
- graphics/gd/distinfo 1.41
- graphics/gd/options.mk 1.5
- graphics/gd/patches/patch-aa deleted
- graphics/gd/patches/patch-ab deleted
- graphics/gd/patches/patch-configure deleted
- graphics/gd/patches/patch-configure.ac deleted
- graphics/gd/patches/patch-src_gd__bmp.c deleted
- graphics/gd/patches/patch-src_gd__crop.c deleted
- graphics/gd/patches/patch-src_webpimg.c deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Aug 2 18:29:21 UTC 2016
Modified Files:
pkgsrc/graphics/gd: Makefile buildlink3.mk distinfo options.mk
Removed Files:
pkgsrc/graphics/gd/patches: patch-aa patch-ab patch-configure
patch-configure.ac patch-src_gd__bmp.c patch-src_gd__crop.c
patch-src_webpimg.c
Log message:
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting \
consistent). Another important milestone in the GD 2.2 series.
Security related fixes: This flaw is caused by loading data from external \
sources (file, custom ctx, etc) and are hard to validate before calling libgd \
APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bands was found in the parsing of TGA files \
(CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file \
(CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the \
issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash ( \
CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with \
alpha channel, also brings libgd in sync with php's bundled gd.
|
New packages: