[Buildroot] [PATCH] gd: security bump to version 2.2.3
Peter Korsgaard
peter at korsgaard.com
Wed Jan 4 16:06:13 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Security related fixes:
> These flaws are caused by loading data from external sources (file, custom ctx,
> etc) and are hard to validate before calling libgd APIs:
> - fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
> - bug #248, fix Out-Of-Bounds Read in read_image_tga
> - gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
> Using application provided parameters, in these cases invalid data causes
> the issues:
> - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
> - fix php bug 72494, invalid color index not handled, can lead to crash (CVE-2016-6128)
> - improve color check for CropThreshold
> The build system now enables -Wall and -Werror by default, so pass
> --disable-werror to disable that. Notice that this issue has been fixed
> upstream post-2.2.3:
> https://github.com/libgd/libgd/issues/339
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard