[ubuntu/yakkety-proposed] libgd2 2.2.1-1ubuntu3 (Accepted)

Wed Aug 10 18:33:14 UTC 2016

libgd2 (2.2.1-1ubuntu3) yakkety; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

Date: Wed, 10 Aug 2016 13:55:18 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libgd2/2.2.1-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Aug 2016 13:55:18 -0400
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg
Architecture: source
Version: 2.2.1-1ubuntu3
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libgd-dbg  - Debug symbols for GD Graphics Library
 libgd-dev  - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd3     - GD Graphics Library
Changes:
 libgd2 (2.2.1-1ubuntu3) yakkety; urgency=medium
 .
   * SECURITY UPDATE: out of bounds read in TGA file parsing
     - debian/patches/CVE-2016-6132.patch: properly validate image data in
       src/gd_tga.c.
     - CVE-2016-6132
   * SECURITY UPDATE: OOB or OOM in gdImageScale
     - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
       and check return codes in src/gd.c, src/gd_interpolation.c.
     - CVE-2016-6207
   * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
     bpp/alphabit combinations
     - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
     - CVE-2016-6214
Checksums-Sha1:
 f850eb9f434a1d9b171aa5e852836f76d1aed0ca 2303 libgd2_2.2.1-1ubuntu3.dsc
 7273a7fb8d9c88f02695d5d1dfa2f954e8c09b3b 28328 libgd2_2.2.1-1ubuntu3.debian.tar.xz
Checksums-Sha256:
 902ff6150ad54e51ca22affb13f94136e03325ed3df866578ceb9bf2f072b19c 2303 libgd2_2.2.1-1ubuntu3.dsc
 9736ad30a20a00ca04e61c74f3185c9adc4a1fa828efd4a6e5fc2f165a7a538a 28328 libgd2_2.2.1-1ubuntu3.debian.tar.xz
Files:
 613af0d423ce9b459fa95e4e0e304780 2303 graphics optional libgd2_2.2.1-1ubuntu3.dsc
 b051653869185828d9f300134b082d59 28328 graphics optional libgd2_2.2.1-1ubuntu3.debian.tar.xz
Original-Maintainer: GD team <pkg-gd-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXq3MMAAoJEGVp2FWnRL6TG+kP/jRQJM2rcpbZgB+JSw18M/8D
OW25RATzzDnW7M7QTuRc5rauHYOmL49tmo3BlxNyV0lMbvpzuf73RUyiEkcnpplL
9FiCgtKAo7HwPnORjwJGd0Rzd/+4DKv2CZAZvz8i8v99jH8MYAO82fS6uygw4Ee4
ErxIT5BJAzD406ushkB8W6fI+2QF6jiJG6aiZgkMOvLHEcOqU+y9hK7bK2T5zlCE
eSaSWQN2M/2PrHf2v32EbTB6HEvUzvSvfD93BssMoK4GxZ26ajhI/FzMCe/0YE82
W/HE9Pwl50KXTDotKDKIvGttogbVFFQ6VDVou/J7OE3nVRFZOzFo+fmBDe1rKkKU
Gml3AhZRRLTNT3INrVf3dyRX8DM2+gSqx7LARWOPRfkcTSqRoq3uOYD7NiJwl0UM
uppzC1F8PVTs002GHgZZa3zST3mR1OtIR0njbhTqLmBa37A3RcIRxsdyHtdlxyvT
vHD+PegB1ZUMS8MWYpJQ2koOhR0rz+O3EmG02hHRzxgD6ipDWcovoWYiwhMt1nkQ
Y2ex4GxsSnsISo0tqvmLyi8vzPrq8YDTfEU9dWvjBEM0sLL8u9jw/kmwqit/GtPC
XPjtz+vfUfvOsHY5M0/Lv8Fb7qFASKUbCRt9x5D5BXYNWX7RJ5TT65Afvwnpl2r9
LN19L0rcCFDi7uo90auM
=4VBO
-----END PGP SIGNATURE-----