Created attachment 175197 [details]
Fix integer overflow in gdImageWebpCtx
An integer overflow issue was found in function gdImageWebpCtx of file gd_webp.c which could lead to heap buffer overflow.
* Upstream issue:
* Upstream commit:
* CVE request:
Patch attached. Passes Poudriere build with 11.0-RELEASE amd64. Running build tests for 10.3 and 9.3.
VuXML entry coming up.
CC ports-secteam and maintainers of php70-gd and php56-gd.
Passes Poudriere builds for 10.3-p9 and 9.3-p47, both amd64.
Maintainer timeout, back to the pool.
option is disabled, so the patch is a no op
marked for later.
A commit references this bug:
Date: Sun Oct 16 18:41:21 UTC 2016
New revision: 424078
- fix option WEBP
- make option WEBP default
- Security patch, port was not vulnerable
port was bot vulnerable, option was disabled.