Accepted: libgd2 2.0.35.dfsg-3ubuntu1 (source)
Kees Cook
kees at ubuntu.com
Fri Dec 7 01:15:18 GMT 2007
Accepted:
OK: libgd2_2.0.35.dfsg.orig.tar.gz
OK: libgd2_2.0.35.dfsg-3ubuntu1.diff.gz
OK: libgd2_2.0.35.dfsg-3ubuntu1.dsc
-> Component: main Section: oldlibs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 06 Dec 2007 17:02:21 -0800
Source: libgd2
Binary: libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2-xpm-dev libgd-tools
Architecture: source
Version: 2.0.35.dfsg-3ubuntu1
Distribution: hardy
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description:
libgd-tools - GD command line tools and example code
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 431443
Changes:
libgd2 (2.0.35.dfsg-3ubuntu1) hardy; urgency=low
.
* Merge from debian unstable, remaining changes:
- debian/control: Drop unnecessary build dependency 'gnulib'.
- maintainer field updates
.
libgd2 (2.0.35.dfsg-3) unstable; urgency=high
.
* Add patch hand-picked from upstream CVS:
+ gdImageColorTransparent can write outside buffer
* Raise to urgency=high as this a small, security-related bugfix.
.
libgd2 (2.0.35.dfsg-2) unstable; urgency=medium
.
* Add patch (using patchsystem-quilt.mk cdbs snippet) hand-picked from
upstream CVS to fix various security-related issues:
+ _gdCreateFromFile() can crash if gdImageCreate fails
+ gdImageCreateFrom*Ptr() can crash if gdNewDynamicCtxEx()
+ gdImageRectangle draws 1x1 rectangles as 1x3 rectangles
+ Possible integer overflow in gdImageFill()
+ Optimization for single pixel line not in correct order
+ gdImageColorDeallocate can write outside buffer
* Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control.
* Update cdbs tweaks:
+ Support non-dot-delimited repackaging tag in update-tarball.
+ update-tarball needs recent cdbs (only relevant for backports).
* Cleanup duplicate build-dependencies in debian/rules.
* Semi-auto-update debian/control:
DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build
* Fix shlibs dependencies: Use DEB_UPSTREAM_VERSION (instead of custom
version variables).
* Set urgenvy=medium due to the security-related fixes.
.
libgd2 (2.0.35.dfsg-1) unstable; urgency=low
.
* New upstream release. Closes: bug#431443, thanks to Sean Finney.
* Repackage source tarball to avoid files below VMS and cmake that
contains copyrights with questionable or missing licensing info.
* Switch to team maintainance using Alioth project pkg-gd, and myself
and Sean Finney as uploaders. Others interested in helping out
maintaining packaging of GD and related packages, please get in
touch with us at pgk-gd-devel at lists.alioth.debian.org .
* Update CDBS tweaks:
+ Minor improvements to upstream-tarball.mk.
+ Advertise debian/README.cdbs-tweaks in debian/rules.
* Replace deprecated ${Source-Version} with Use binNMU-safe
${binary:Version} in debian/control. Thanks to Lintian.
* Update debian/copyright to include new copyright (BSD) for the file
strlcpy.c.
Files:
327ab198d03a01abe46d280e0087d5a7 1152 graphics optional libgd2_2.0.35.dfsg-3ubuntu1.dsc
49d550f8e74802c1d890b97174366211 1338565 graphics optional libgd2_2.0.35.dfsg.orig.tar.gz
02616b6e07da49b12af18895a69fe2c1 26182 graphics optional libgd2_2.0.35.dfsg-3ubuntu1.diff.gz
Original-Maintainer: GD team <pkg-gd-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHWJ1DH/9LqRcGPm0RAlMzAKCNdFcY4csmioDSsrxBWcURcipXRACfUPgf
56tgZUXO0sTfRIysweOkS3Y=
=pGos
-----END PGP SIGNATURE-----
More information about the Hardy-changes
mailing list