[ubuntu/dapper-security] libgd2 2.0.33-2ubuntu5.4 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Nov 5 19:03:59 GMT 2009
libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via GIF image with no global color
map
- debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
global color map in gd_gif_in.c.
- CVE-2007-3475
* SECURITY UPDATE: denial of service via large color index values
- debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
gdMaxColors in gd_gif_in.c.
- CVE-2007-3476
* SECURITY UPDATE: denial of service via large start or end angle degree
value
- debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
end values in gd.c.
- CVE-2007-3477
* SECURITY UPDATE: denial of service and possible code execution via
large color index
- debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
in gd.c.
- CVE-2009-3293
* SECURITY UPDATE: denial of service and possible code execution via GD
file with large number of colors
- debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
- CVE-2009-3546
Date: Wed, 04 Nov 2009 10:02:17 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Jonas Smedegaard <dr at jones.dk>
https://launchpad.net/ubuntu/dapper/+source/libgd2/2.0.33-2ubuntu5.4
-------------- next part --------------
Format: 1.7
Date: Wed, 04 Nov 2009 10:02:17 -0500
Source: libgd2
Binary: libgd2-dev libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2 libgd2-xpm-dev libgd-tools
Architecture: source
Version: 2.0.33-2ubuntu5.4
Distribution: dapper-security
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libgd-tools - GD command line tools and example code
libgd2 - GD Graphics Library version 2
libgd2-dev - GD Graphics Library version 2 (development version)
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Changes:
libgd2 (2.0.33-2ubuntu5.4) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via GIF image with no global color
map
- debian/patches/06_SECURITY_CVE-2007-3475.patch: make sure we have a
global color map in gd_gif_in.c.
- CVE-2007-3475
* SECURITY UPDATE: denial of service via large color index values
- debian/patches/07_SECURITY_CVE-2007-3476.patch: compare with
gdMaxColors in gd_gif_in.c.
- CVE-2007-3476
* SECURITY UPDATE: denial of service via large start or end angle degree
value
- debian/patches/08_SECURITY_CVE-2007-3477.patch: validate start and
end values in gd.c.
- CVE-2007-3477
* SECURITY UPDATE: denial of service and possible code execution via
large color index
- debian/patches/09_SECURITY_CVE-2009-3293.patch: validate color index
in gd.c.
- CVE-2009-3293
* SECURITY UPDATE: denial of service and possible code execution via GD
file with large number of colors
- debian/patches/10_SECURITY_CVE-2009-3546.patch: make sure number of
colors specified in gd file isn't bigger than gdMaxColors in gd_gd.c.
- CVE-2009-3546
Files:
c7ce6a684cc67dbc69f03e03b54b51b2 973 libs optional libgd2_2.0.33-2ubuntu5.4.dsc
04046c5a93a087f4f5ade0055bbf22cb 258547 libs optional libgd2_2.0.33-2ubuntu5.4.diff.gz
More information about the dapper-changes
mailing list