Date: Tue, 27 Sep 2016 13:27:17 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 213020] graphics/gd: Fix integer overflow in gdImageWebpCtx
Message-ID: <bug-213020-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213020

Bug ID: 213020
Summary: graphics/gd: Fix integer overflow in gdImageWebpCtx
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/libgd/libgd/issues/308
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: dinoex@FreeBSD.org
Reporter: vlad-fbsd@acheronmedia.com
CC: ale@FreeBSD.org, dinoex@FreeBSD.org, ports-secteam@FreeBSD.org, tz@freebsd.org
Attachment #175197 Flags: maintainer-approval?(dinoex@FreeBSD.org)
Assignee: dinoex@FreeBSD.org
Flags: maintainer-feedback?(dinoex@FreeBSD.org), merge-quarterly?
CC: dinoex@FreeBSD.org

Created attachment 175197
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=175197&action=edit
Fix integer overflow in gdImageWebpCtx

An integer overflow issue was found in function gdImageWebpCtx of file gd_webp.c which could lead to heap buffer overflow.

* Upstream issue: https://github.com/libgd/libgd/issues/308
* Upstream commit: https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
* CVE request: http://seclists.org/oss-sec/2016/q3/626

Patch attached. Passes Poudriere build with 11.0-RELEASE amd64. Running build tests for 10.3 and 9.3.

VuXML entry coming up.

CC ports-secteam and maintainers of php70-gd and php56-gd.

--
You are receiving this mail because:
You are the assignee for the bug.