diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-01-03 15:42:52 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-01-04 17:01:42 +0100 |
| commit | 81dc283a00a6c1ed73bcb273b3ab23fc37a3a267 (patch) | |
| tree | cb106b504b7df43b288ce159b239c60095b462fd /package/perl/perl.hash | |
| parent | 4153e9f25a80cfb29b207b40d4eeda78d8799caf (diff) | |
| download | buildroot-81dc283a00a6c1ed73bcb273b3ab23fc37a3a267.tar.gz buildroot-81dc283a00a6c1ed73bcb273b3ab23fc37a3a267.zip | |
gd: security bump to version 2.2.3
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/perl/perl.hash')
0 files changed, 0 insertions, 0 deletions
