[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
libgd security update
From: |
Leo Famulari |
Subject: |
libgd security update |
Date: |
Fri, 15 Jul 2016 16:32:12 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
Several security vulnerabilities in libgd have been discovered recently,
and today Debian issued a security update:
https://lists.debian.org/debian-security-announce/2016/msg00197.html
The first patch updates libgd to the latest release, 2.2.2, fixing some
of the bugs.
For the remaining bugs, I've taken patches from the master branch of the
libgd Git repo.
Two of the patches included binary files to be used in tests, which
`patch` cannot handle, so I've removed those parts of the patches.
This patch series was not trivial to create; removing the binary diffs
required some care, some of the patches depended on changes associated
with the removed binary diffs, and some upstream fixes were reverted and
re-committed with changes. Will someone double-check this patch series
for mistakes?
0001-gnu-gd-Update-to-2.2.2-fixes-CVE-2016-5767-6161.patch
Description: Text Data
0002-gnu-gd-Fix-CVE-2016-5766-6128-6132-6214.patch
Description: Text Data
signature.asc
Description: PGP signature
- libgd security update,
Leo Famulari <=