Univention Bugzilla – Bug 48614
libgd2: Multiple issues (4.3)
Last modified: 2019-02-06 12:35:54 CET
New Debian libgd2 2.2.4-2+deb9u4 fixes:

This update addresses the following issues:
* heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() (CVE-2019-6977)
* double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/libgd2_2.2.4-2+deb9u3.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libgd2_2.2.4-2+deb9u4.dsc @@ -1,3 +1,10 @@ +2.2.4-2+deb9u4 [Sat, 02 Feb 2019 10:49:03 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977) + (Closes: #920645) + * Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728) + 2.2.4-2+deb9u3 [Fri, 07 Sep 2018 19:29:19 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2018-1000222 (Closes: #906886) <http://10.200.17.11/4.3-3/#5206413667538209666>
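Review bot: the single hunk at @@ -1,3 +1,10 @@ covers only the changelog entry for 2.2.4-2+deb9u4, so the code changes behind CVE-2019-6977 and CVE-2019-6978 cannot be checked from this diff. The entry names gdImageColorMatch and gdImage*Ptr() and the Debian bugs #920645 and #920728, but it does not say which patch files carry the fixes. Attaching or linking the source diff between deb9u3 and deb9u4 for gd_color_match.c, gd_gif_out.c, gd_jpeg.c and gd_wbmp.c would let the QA step confirm that both fixes are present in the rebuilt package.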
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] ef01bd34de Bug #48614: libgd2 2.2.4-2+deb9u4
 doc/errata/staging/libgd2.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.3/413.html>