[Secure-testing-commits] r32920 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-03-16 18:49:24 +0000 (Mon, 16 Mar 2015)
New Revision: 32920

Modified:
   data/CVE/list
Log:
Add "new" issue in libgd2 and php5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-16 15:58:46 UTC (rev 32919)
+++ data/CVE/list	2015-03-16 18:49:24 UTC (rev 32920)
@@ -39,6 +39,13 @@
 CVE-2015-XXXX [Incomplete fix for CVE-2014-9740]
 	- icu <unfixed> (bug #780503)
 	[wheezy] - icu <not-affected> (Incomplete patch was never applied)
+CVE-2014-XXXX [gd: buffer read overflow in gd_gif_in.c]
+	- libgd2 2.1.0-5
+	- php5 5.6.5+dfsg-1
+	NOTE: https://bugs.php.net/bug.php?id=68601
+	NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
+	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
 CVE-2009-XXXX [memmory leak in hostname TLS extension]
 	- openssl 0.9.8g-1
 	NOTE: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424