Bug 213023 - security/vuxml: Security vulnerability in libgd, php56-gd and php70-gd
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Mark Felder
URL:
Keywords: patch, security
Depends on:
Blocks: 213020
Reported: 2016-09-27 14:06 UTC by VK
Modified: 2016-10-12 01:28 UTC

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Add libgd, php56-gd, php70-gd vulns to vuxml (1.58 KB, patch)
2016-09-27 14:06 UTC, VK

Description VK freebsd_triage 2016-09-27 14:06:25 UTC
Created attachment 175199
Add libgd, php56-gd, php70-gd vulns to vuxml

Add vuln entries for libgd, php56-gd and php70-gd. CC maintainers of php56-gd and php70-gd.

* Issue (with further links): https://github.com/libgd/libgd/issues/308

Note: The PHP issue is #73003, and the patches were added to master before 5.6.26 and 7.0.11 were tagged; however, it looks to me like the fix did not end up in those PHP versions. The changelogs also don't mention #73003.

Someone please re-check after me, in case I missed something.
Comment 1 commit-hook freebsd_committer 2016-09-28 08:21:04 UTC
A commit references this bug:

Author: ale
Date: Wed Sep 28 08:20:47 UTC 2016
New revision: 422858
URL: https://svnweb.freebsd.org/changeset/ports/422858

Log:
  Fix integer overflow in gdImageWebpCtx and bump PORTREVISION.

  PR:		213023
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/graphics/php55-gd/Makefile
  head/graphics/php55-gd/files/patch-config.m4
  head/graphics/php55-gd/files/patch-libgd_gd_webp.c
  head/graphics/php56-gd/Makefile
  head/graphics/php56-gd/files/patch-config.m4
  head/graphics/php56-gd/files/patch-libgd_gd_webp.c
Comment 2 VK freebsd_triage 2016-10-01 08:39:58 UTC
Bump. Please note, ale@ fixed php, but no VuXML entry has been added for either.
Comment 3 Mark Felder freebsd_committer 2016-10-12 01:28:39 UTC
vuxml entry committed, thanks!
Comment 4 commit-hook freebsd_committer 2016-10-12 01:28:52 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:28:23 UTC 2016
New revision: 423816
URL: https://svnweb.freebsd.org/changeset/ports/423816

Log:
  Document libgd vulnerabilities

  PR:		213023

Changes:
  head/security/vuxml/vuln.xml