gd: security bump to version 2.2.4
author Gustavo Zacarias <gustavo@zacarias.com.ar>
Thu, 19 Jan 2017 13:44:51 +0000 (10:44 -0300)
committer Peter Korsgaard <peter@korsgaard.com>
Thu, 19 Jan 2017 14:09:12 +0000 (15:09 +0100)
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/gd/gd.hash
package/gd/gd.mk

index eb3da4274d2dfc0fb7354b8b91d44aab8541a65c..a1991b1820159beb8fc8b308640d343683f282cb 100644 (file)
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 746b6cbd6769a22ff3ba6f5756f3512a769bd4cdf4695dff17f4867f25fa7d3c        libgd-2.2.3.tar.xz
+sha256 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6        libgd-2.2.4.tar.xz
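Review bot: The new sha256 line for libgd-2.2.4.tar.xz still sits under "# Locally calculated", so the digest only pins whatever tarball was fetched at bump time and has no independent reference. If the upstream release provides a published checksum or signature, verify the download against it and record that in the comment; otherwise a second independent download should reproduce the same digest before this is merged.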
index 0777bdb1299e698c43b819ad1e25fb546a9dcf57..63d16eb3ca6aff2868bc4486dda6a258bb1bd55b 100644 (file)
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GD_VERSION = 2.2.3
+GD_VERSION = 2.2.4
 GD_SOURCE = libgd-$(GD_VERSION).tar.xz
 GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
 GD_INSTALL_STAGING = YES
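Review bot: The GD_VERSION change to 2.2.4 is the whole functional change, and the commit touches only gd.hash and gd.mk. If package/gd carries local patches written against 2.2.3, confirm they still apply to 2.2.4, or drop any that upstream has merged. Because the message lists CVE-2016-9317 and CVE-2016-6912 as fixed, it would also help to state whether this bump should be picked into the maintained stable branches.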