Path to this page:
Subject: CVS commit: pkgsrc/graphics/gd
From: Adam Ciarcinski
Date: 2016-08-02 20:29:21
Message id: 20160802182921.50E38FBB5@cvs.NetBSD.org
Log Message:
We welcome the 2.2.3 release around a month after 2.2.2 (we are getting \
consistent). Another important milestone in the GD 2.2 series.
Security related fixes: This flaw is caused by loading data from external \
sources (file, custom ctx, etc) and are hard to validate before calling libgd \
APIs:
* fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug 247, A read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* also bug 247, Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* bug 248, fix Out-Of-Bounds Read in read_image_tga
Using application provided parameters, in these cases invalid data causes the issues:
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug 72494, invalid color index not handled, can lead to crash ( \
CVE-2016-6128)
* improve color check for CropThreshold
Important update:
* gdImageCopyResampled has been improved. Better handling of images with alpha \
channel, also brings libgd in sync with php's bundled gd.
Files: