[Secure-testing-commits] r47260 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Tue Dec 20 22:17:41 UTC 2016
Author: opal
Date: 2016-12-20 22:17:41 +0000 (Tue, 20 Dec 2016)
New Revision: 47260
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Libgd2 information.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-20 21:24:00 UTC (rev 47259)
+++ data/CVE/list 2016-12-20 22:17:41 UTC (rev 47260)
@@ -435,8 +435,11 @@
RESERVED
{DSA-3732-1}
- libgd2 2.2.2-29-g3c2b605-1
+ NOTE: This problem could be seen as a programmer fault but the fix is easy and
+ NOTE: the effect is rather dramatic so it should be fixed anyway.
NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
+ NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
- php7.0 7.0.13-1 (unimportant)
- php5 <unfixed> (unimportant)
NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
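Review bot: The two added NOTE lines under "- libgd2 2.2.2-29-g3c2b605-1" justify fixing with "the effect is rather dramatic" but never say what the effect is, so a reader of data/CVE/list cannot judge the impact from the entry. Suggest stating the concrete effect in place of the opinion, or moving this triage rationale to the libgd2 entry in data/dla-needed.txt and keeping only factual notes here, such as the added release-info URL.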
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-12-20 21:24:00 UTC (rev 47259)
+++ data/dla-needed.txt 2016-12-20 22:17:41 UTC (rev 47260)
@@ -36,6 +36,11 @@
libdbd-mysql-perl (Chris Lamb)
NOTE: Jessie has almost identical code, would be great to fix as well
--
+libgd2
+ NOTE: Php is vulnerable but uses system libgd so as soon as libgd is fixed the problem
+ NOTE: is solved for php too. So when libgd2 is updated, please update the information
+ NOTE: for this CVE also for php.
+--
libical
--
libxml-twig-perl
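Review bot: The new libgd2 entry asks to "update the information for this CVE also for php" without naming the CVE, so whoever picks the package up has to search data/CVE/list to find which entry is meant. Suggest putting the CVE id in the first NOTE line. The entry also calls PHP vulnerable, while the CVE entry touched in this same revision marks php5 and php7.0 as "(unimportant)"; a short remark on how the two fit together would avoid confusion. "Php" should be written "PHP".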