[ubuntu/bionic-security] libgd2 2.2.5-4ubuntu0.4 (Accepted)
Avital Ostromich
avital.ostromich at canonical.com
Thu Apr 2 20:39:04 UTC 2020
libgd2 (2.2.5-4ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
to crash an application via a specific function call sequence
- debian/patches/CVE-2018-14553.patch: remove manual style copy from
src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
- CVE-2018-14553
* SECURITY UPDATE: possible read of uninitialized variable in
gdImageCreateFromXbm()
- debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
input in src/gd_xbm.c.
- debian/patches/CVE-2019-11038-test.patch: add a test for
CVE-2019-11038.patch
- CVE-2019-11038
Date: 2020-03-31 22:03:14.753119+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list