Summary: | graphics/gd - upgrade and fix a potential DOS | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Mikhail Teterin <mi> | ||||||
Component: | Individual Port(s) | Assignee: | Torsten Zuehlsdorff <tz> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Some People | CC: | tz | ||||||
Priority: | --- | Keywords: | easy, patch | ||||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(dinoex) tz: merge-quarterly+ |
||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Bug Depends on: | |||||||||
Bug Blocks: | 217222 | ||||||||
Attachments: |
|
Description
Mikhail Teterin
![]() ![]() Created attachment 195061 [details]
Upgrade graphics/gd to 2.2.5
This version contains the TEST_TARGET -- all tests pass for me here...
Since this seems to run into maintainer-timeout i just started a build-test for this patch including all its 80 dependencies. A commit references this bug: Author: tz Date: Fri Jul 27 07:39:14 UTC 2018 New revision: 475415 URL: https://svnweb.freebsd.org/changeset/ports/475415 Log: graphics/gd: Update from 2.2.4 to 2.2.5 This update fixes 2 security issues: - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md PR: 229707 Submitted by: Mikhail Teterin <mi@FreeBSD.org> Approved by: maintainer timeout (dinoex, 2 weeks) MFH: 2018Q3 Security: CVE-2017-6362 Security: CVE-2017-7890 Changes: head/graphics/gd/Makefile head/graphics/gd/distinfo head/graphics/gd/files/patch-gd_gif_in.c head/graphics/gd/pkg-plist A commit references this bug: Author: tz Date: Fri Jul 27 12:35:22 UTC 2018 New revision: 475431 URL: https://svnweb.freebsd.org/changeset/ports/475431 Log: MFH: r475415 graphics/gd: Update from 2.2.4 to 2.2.5 This update fixes 2 security issues: - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) Full Changelog: https://github.com/libgd/libgd/blob/gd-2.2.5/CHANGELOG.md PR: 229707 Submitted by: Mikhail Teterin <mi@FreeBSD.org> Approved by: maintainer timeout (dinoex, 2 weeks) Security: CVE-2017-6362 Security: CVE-2017-7890 Approved by: ports-secteam (miwi) Changes: _U branches/2018Q3/ branches/2018Q3/graphics/gd/Makefile branches/2018Q3/graphics/gd/distinfo branches/2018Q3/graphics/gd/files/patch-gd_gif_in.c branches/2018Q3/graphics/gd/pkg-plist Committed and MFH'd :) Thanks! |