Bug 213023

Summary: security/vuxml: Security vulnerability in libgd, php56-gd and php70-gd
Product: Ports & Packages
Reporter: VK <vlad-fbsd>
Component: Individual Port(s)
Assignee: Mark Felder <feld>
Status: Closed FIXED
Severity: Affects Only Me
CC: ale, feld, tz
Priority: ---
Keywords: patch, security
Version: Latest
Flags: bugzilla: maintainer-feedback? (ports-secteam)
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213020
Bug Depends on:    
Bug Blocks: 213020    
Attachments:
Add libgd, php56-gd, php70-gd vulns to vuxml (Flags: none)

Description VK 2016-09-27 14:06:25 UTC
Created attachment 175199
Add libgd, php56-gd, php70-gd vulns to vuxml

Add vuln entries for libgd, php56-gd and php70-gd. CC maintainers of php56-gd and php70-gd.

* Issue (with further links): https://github.com/libgd/libgd/issues/308

Note: The PHP issue is #73003, and the patches were added to master before 5.6.26 and 7.0.11 were tagged; however, it looks to me like the fix did not end up in those PHP versions. The changelogs also don't mention #73003.

Someone please re-check after me, in case I missed something.

Comment 1 commit-hook freebsd_committer freebsd_triage 2016-09-28 08:21:04 UTC
A commit references this bug:

Author: ale
Date: Wed Sep 28 08:20:47 UTC 2016
New revision: 422858
URL: https://svnweb.freebsd.org/changeset/ports/422858

Log:
  Fix integer overflow in gdImageWebpCtx and bump PORTREVISION.

  PR:		213023
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/graphics/php55-gd/Makefile
  head/graphics/php55-gd/files/patch-config.m4
  head/graphics/php55-gd/files/patch-libgd_gd_webp.c
  head/graphics/php56-gd/Makefile
  head/graphics/php56-gd/files/patch-config.m4
  head/graphics/php56-gd/files/patch-libgd_gd_webp.c

Comment 2 VK 2016-10-01 08:39:58 UTC
Bump. Please note, ale@ fixed php, but no VuXML entry has been added for either.

Comment 3 Mark Felder freebsd_committer freebsd_triage 2016-10-12 01:28:39 UTC
vuxml entry committed, thanks!

Comment 4 commit-hook freebsd_committer freebsd_triage 2016-10-12 01:28:52 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:28:23 UTC 2016
New revision: 423816
URL: https://svnweb.freebsd.org/changeset/ports/423816

Log:
  Document libgd vulnerabilities

  PR:		213023

Changes:
  head/security/vuxml/vuln.xml