Univention Bugzilla – Full Text Bug Listing |
Summary: | libgd2: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) NVD RedHat |
Description
Quality Assurance
2019-02-04 08:24:34 CET
--- mirror/ftp/4.2/unmaintained/4.2-4/source/libgd2_2.1.0-5+deb8u11.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libgd2_2.1.0-5+deb8u12.dsc @@ -1,3 +1,18 @@ +2.1.0-5+deb8u12 [Wed, 30 Jan 2019 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-6977 + Fix for potential double free in gdImage*Ptr() + * CVE-2019-6978 + Fix for a heap-based buffer overflow, exploitable with + crafted image data. + * CVE-2018-1000222 + Fix for a double free vulnerability by a crafted image, + that can result in remote code execution. + * CVE-2018-5711 + Fix for a integer signedness error that leads to an + infinite loop via a crafted GIF file. + 2.1.0-5+deb8u11 [Thu, 31 Aug 2017 14:31:50 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-5/#1313933890487732393> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] e562406233 Bug #48596: libgd2 2.1.0-5+deb8u12 doc/errata/staging/libgd2.yaml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) [4.2-5] 3507e26140 Bug #48596: libgd2 2.1.0-5+deb8u12 doc/errata/staging/libgd2.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) |
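Review bot: the changelog entry for CVE-2018-1000222 in the 2.1.0-5+deb8u12 hunk describes a double free "that can result in remote code execution", but the bug's Max CVSS v3 field records 5.3 with the vector C:N/I:N/A:L, which is an availability-only impact. Confirm that the recorded maximum was taken across all four CVEs in this upload (CVE-2019-6977, CVE-2019-6978, CVE-2018-1000222, CVE-2018-5711) and not from a single entry. Also confirm that doc/errata/staging/libgd2.yaml lists all four identifiers, because the advisory text and score are what administrators use to prioritise this erratum. Minor wording point in the same hunk: "Fix for a integer signedness error" should read "an integer" if the text is reused in the errata description.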