Change log for libgd2 package in Ubuntu

Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
libgd2 (2.3.3-9ubuntu5) noble; urgency=medium

  * d/control: restore libheif-dev dependency (LP: #2061090).
    Remaining changes:
    - Drop the dependencies on libavif, libavif has an extensive rust
      dependency tree that makes it unsuitable for main.

 -- Vladimir Petko <email address hidden>  Tue, 16 Apr 2024 20:23:30 +1200

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
libgd2 (2.3.3-9ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:49:00 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
libgd2 (2.3.3-9ubuntu3) noble; urgency=medium

  * Rebuild against new libpng16-16t64.

 -- Gianfranco Costamagna <email address hidden>  Tue, 19 Mar 2024 14:18:01 +0100
Superseded in noble-proposed
libgd2 (2.3.3-9ubuntu2) noble; urgency=medium

  * No-change rebuild against libpng16-16t64

 -- Steve Langasek <email address hidden>  Thu, 29 Feb 2024 07:03:22 +0000

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
libgd2 (2.3.3-9ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Drop the dependencies on libavif and libheif; libheif is blocked on a
      Main Inclusion Request, and libavif has an extensive rust dependency
      tree that makes it unsuitable for main.

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
libgd2 (2.3.3-7ubuntu2) lunar; urgency=medium

  * Rebuild against latest tiff

 -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 07:28:10 -0500

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
libgd2 (2.3.3-7ubuntu1) lunar; urgency=medium

  * Drop the dependencies on libavif and libheif; libheif is blocked on a
    Main Inclusion Request, and libavif has an extensive rust dependency tree
    that makes it unsuitable for main.

 -- Steve Langasek <email address hidden>  Mon, 07 Nov 2022 23:28:26 +0000
Superseded in lunar-proposed
libgd2 (2.3.3-7) unstable; urgency=medium

  * Switch the d/watch to api.github.com
  * Actually enable libavif and libheif support by adding it to Build-Depends

 -- Ondřej Surý <email address hidden>  Mon, 24 Oct 2022 12:44:39 +0200
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
libgd2 (2.3.3-6) unstable; urgency=medium

  * Add libwebp-dev to libgd-dev Depends (Closes: #1014759)

 -- Ondřej Surý <email address hidden>  Sat, 16 Jul 2022 06:25:19 +0200
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
libgd2 (2.3.0-2ubuntu2) jammy; urgency=medium

  * No-change rebuild against latest libwebp

 -- Jeremy Bicha <email address hidden>  Tue, 01 Feb 2022 09:24:16 -0500

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
libgd2 (2.3.0-2ubuntu1) impish; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
      reading tga header file in src/gd_tga.c.
    - CVE-2021-38115
  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2021-40145-*.patch: fix a memory leak in
      src/gd_gd2.c.
    - CVE-2021-40145

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 09 Sep 2021 09:29:48 -0300
Published in bionic-updates
Published in bionic-security
libgd2 (2.2.5-4ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2017-6363-*.patch: make sure transparent
      palette index is within bounds in src/gd_gd.c and add tests in
      tests/gd/bug00383.c, tests/gd/CMakeLists.txt, tests/gd/Makemodule.am,
      tests/gd2/bug00383.c, tests/gd2/CMakeLists.txt, test/gd2/Makemodule.am.
    - CVE-2017-6363
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
      reading tga header file in src/gd_tga.c.
    - CVE-2021-38115
  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2021-40145.patch: fix a memory leak in
      src/gd_gd2.c.
    - CVE-2021-40145

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 30 Aug 2021 16:10:11 -0300
Obsolete in hirsute-updates
Obsolete in hirsute-security
libgd2 (2.3.0-2ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
      reading tga header file in src/gd_tga.c.
    - CVE-2021-38115
  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2021-40145.patch: fix a memory leak in
      src/gd_gd2.c.
    - CVE-2021-40145

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 30 Aug 2021 16:04:03 -0300
Published in focal-updates
Published in focal-security
libgd2 (2.2.5-5.2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2017-6363-*.patch: make sure transparent
      palette index is within bounds in src/gd_gd.c and add tests in
      tests/gd/bug00383.c, tests/gd/CMakeLists.txt, tests/gd/Makemodule.am,
      tests/gd2/bug00383.c, tests/gd2/CMakeLists.txt, test/gd2/Makemodule.am.
    - CVE-2017-6363
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
      reading tga header file in src/gd_tga.c.
    - CVE-2021-38115
  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2021-40145.patch: fix a memory leak in
      src/gd_gd2.c.
    - CVE-2021-40145

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 30 Aug 2021 15:10:22 -0300
Superseded in impish-release
Obsolete in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
libgd2 (2.3.0-2) unstable; urgency=medium

  * Add patch to fix gdImageStringFT() fails for empty strings
    (Closes: #959591)

 -- Ondřej Surý <email address hidden>  Wed, 06 May 2020 16:11:29 +0200
Superseded in groovy-proposed
libgd2 (2.3.0-1) unstable; urgency=medium

  * New upstream version 2.3.0

 -- Ondřej Surý <email address hidden>  Fri, 24 Apr 2020 09:41:29 +0200
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
libgd2 (2.2.5-5.2ubuntu2) focal; urgency=medium

  * No change rebuild.

 -- Tiago Stürmer Daitx <email address hidden>  Thu, 16 Apr 2020 15:43:03 +0000
Published in xenial-updates
Published in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553
  * SECURITY UPDATE: possible read of uninitialized variable in
    gdImageCreateFromXbm()
    - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
      input in src/gd_xbm.c.
    - debian/patches/CVE-2019-11038-test.patch: add a test for
      CVE-2019-11038.patch.
    - debian/patches/CVE-2019-11038-test-functions.patch: add functions for
      CVE-2019-11038-test.patch.
    - CVE-2019-11038

 -- Avital Ostromich <email address hidden>  Thu, 26 Mar 2020 13:51:51 -0400
Superseded in focal-proposed
Deleted in focal-security (Reason: Package accidentally uploaded to the wrong pocket by the ...)
libgd2 (2.2.5-5.2ubuntu1) focal; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553

 -- Avital Ostromich <email address hidden>  Thu, 05 Mar 2020 14:12:25 -0500
Superseded in bionic-updates
Superseded in bionic-security
libgd2 (2.2.5-4ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553
  * SECURITY UPDATE: possible read of uninitialized variable in
    gdImageCreateFromXbm()
    - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
      input in src/gd_xbm.c.
    - debian/patches/CVE-2019-11038-test.patch: add a test for
      CVE-2019-11038.patch
    - CVE-2019-11038

 -- Avital Ostromich <email address hidden>  Mon, 09 Mar 2020 14:43:33 -0400
Obsolete in eoan-updates
Obsolete in eoan-security
libgd2 (2.2.5-5.2ubuntu0.19.10.1) eoan-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553

 -- Avital Ostromich <email address hidden>  Mon, 02 Mar 2020 14:41:51 -0500
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
libgd2 (2.2.5-5.2) unstable; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm
    (Closes: #929821)

 -- Jonas Meurer <email address hidden>  Tue, 11 Jun 2019 16:21:57 +0200

Published in trusty-updates
Published in trusty-security
libgd2 (2.1.0-3ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden>  Wed, 27 Feb 2019 14:42:23 -0500
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden>  Wed, 27 Feb 2019 14:35:55 -0500
Superseded in bionic-updates
Superseded in bionic-security
libgd2 (2.2.5-4ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/Makemodule.am,
      tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden>  Wed, 27 Feb 2019 14:31:55 -0500
Obsolete in cosmic-updates
Obsolete in cosmic-security
libgd2 (2.2.5-4ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/Makemodule.am,
      tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden>  Wed, 27 Feb 2019 14:26:43 -0500
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
libgd2 (2.2.5-5.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977)
    (Closes: #920645)
  * Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728)

 -- Salvatore Bonaccorso <email address hidden>  Sat, 02 Feb 2019 10:55:00 +0100

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
libgd2 (2.2.5-5) unstable; urgency=medium

  * Update Vcs-* links to salsa.d.o
  * Update maintainers address to <email address hidden> (Closes: #899928)
  * Remove Files-Excluded from d/copyright, the files just inherit the
    global license (Closes: #883760)

 -- Ondřej Surý <email address hidden>  Sun, 28 Oct 2018 22:20:23 +0000
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
libgd2 (2.2.5-4ubuntu1) cosmic; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711
  * Removing flag -lgd from tests-make-a-little-change*
    patch.

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 10 Sep 2018 13:12:09 -0300
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 23 Aug 2018 12:13:57 -0300
Superseded in bionic-updates
Superseded in bionic-security
libgd2 (2.2.5-4ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 23 Aug 2018 12:15:43 -0300
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.10) trusty-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 23 Aug 2018 10:51:28 -0300
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
libgd2 (2.2.5-4) unstable; urgency=medium

  [ Jiří Paleček ]
  * Disable the test during build and run the testsuite through autopkgtest
    (Closes: #867003)
  * Make --as-needed work again

  [ Ondřej Surý ]
  * Get rid of libgd2*-dev traces (Closes: #879254)

 -- Ondřej Surý <email address hidden>  Sun, 22 Oct 2017 11:14:32 +0200

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgd2 (2.2.5-3) unstable; urgency=medium

  * Disable gdimagerotate/bug00067 because it FTBFS on i386

 -- Ondřej Surý <email address hidden>  Tue, 05 Sep 2017 13:46:57 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgd2 (2.2.5-2ubuntu1) artful; urgency=medium

  [ Ondřej Surý ]
  * Disable gdimagerotate/bug00067 because it FTBFS on i386 (LP: #1717016)

 -- Balint Reczey <email address hidden>  Wed, 13 Sep 2017 22:03:26 +0200
Published in precise-updates
Published in precise-security
libgd2 (2.0.36~rc1~dfsg-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in gd_png.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 05 Sep 2017 09:24:22 -0300
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in src/gd_png.c also
      adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am,
      tests/png/bug00381_1.c, tests/png/bug00381_2.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 04 Sep 2017 18:55:20 -0300
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in src/gd_png.c also
      adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am,
      tests/png/bug00381_1.c, tests/png/bug00381_2.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 04 Sep 2017 17:23:24 -0300
Obsolete in zesty-updates
Obsolete in zesty-security
libgd2 (2.2.4-2ubuntu0.3) zesty-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in src/gd_png.c also
      adds tests in tests/png/CMakeLists.txt, tests/png/Makemodule.am,
      tests/png/bug00381_1.c, tests/png/bug00381_2.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 04 Sep 2017 14:03:54 -0300
Superseded in artful-proposed
libgd2 (2.2.5-2) unstable; urgency=medium

  * Fix OOB read due to crafted GD/GD2 images
  * Disable gdimagecopyresampled/bug00201 that makes some platforms FTBFS

 -- Ondřej Surý <email address hidden>  Mon, 04 Sep 2017 09:43:31 +0200

Superseded in artful-proposed
libgd2 (2.2.5-1) unstable; urgency=high

  * New upstream version 2.2.5
   + [CVE-2017-6362]: Double-free in gdImagePngPtr().
   + [CVE-2017-7890]: Buffer over-read into uninitialized memory.
  * Update d/watch for the github releases
  * Refresh patches for the 2.2.5 release

 -- Ondřej Surý <email address hidden>  Wed, 30 Aug 2017 14:21:43 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgd2 (2.2.4-2ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/gif/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890
  * Fixing test fail for freetype 2.7
    - debian/patches/fix-test-fails-freetype2_7.patch: disable
      subpixel hinting in tests/freetype/bug00132.c,
      tests/gdimagestringft/gdimagestrinft_bbox.c

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 10 Aug 2017 14:17:46 -0300
Superseded in zesty-updates
Superseded in zesty-security
libgd2 (2.2.4-2ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/gif/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890
  * Fixing test fail for freetype 2.7
    - debian/patches/fix-test-fails-freetype2_7.patch: disable
      subpixel hinting in tests/freetype/bug00132.c,
      tests/gdimagestringft/gdimagestrinft_bbox.c

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 10 Aug 2017 18:55:38 -0300
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 10 Aug 2017 15:59:01 -0300
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.7) trusty-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 10 Aug 2017 19:17:28 -0300
Superseded in precise-updates
Superseded in precise-security
libgd2 (2.0.36~rc1~dfsg-6ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden>  Tue, 28 Feb 2017 11:05:46 -0500
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix Coverity warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden>  Tue, 28 Feb 2017 10:37:45 -0500
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix Coverity warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden>  Tue, 28 Feb 2017 10:29:32 -0500
Obsolete in yakkety-updates
Obsolete in yakkety-security
libgd2 (2.2.1-1ubuntu3.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix Coverity warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden>  Tue, 28 Feb 2017 09:47:34 -0500
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
libgd2 (2.2.4-2) unstable; urgency=medium

  * Apply correct patch on tiff_invalid_read

 -- Ondřej Surý <email address hidden>  Wed, 18 Jan 2017 21:06:46 +0100

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
libgd2 (2.2.4-1) unstable; urgency=medium

  * New upstream version 2.2.4
  * Rebase patches on top of libgd-2.2.4 release
  * Disable tiff/tiff_invalid_read test

 -- Ondřej Surý <email address hidden>  Wed, 18 Jan 2017 12:11:06 +0100

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
libgd2 (2.2.3-87-gd0fec80-3) unstable; urgency=medium

  * Disable tests/gdimagegrayscale as it breaks the 32-bit builds

 -- Ondřej Surý <email address hidden>  Mon, 07 Nov 2016 09:37:59 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
libgd2 (2.2.1-1ubuntu4) zesty; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 01 Nov 2016 14:44:48 -0400

Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 14:18:07 +0200
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 14:16:31 +0200
Superseded in precise-updates
Superseded in precise-security
libgd2 (2.0.36~rc1~dfsg-6ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      gd_io_dp.c.
    - CVE-2016-6911
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 14:24:19 +0200
Superseded in yakkety-updates
Superseded in yakkety-security
libgd2 (2.2.1-1ubuntu3.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 14:10:38 +0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libgd2 (2.2.1-1ubuntu3) yakkety; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers <email address hidden>  Wed, 10 Aug 2016 13:55:18 -0400
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers <email address hidden>  Tue, 09 Aug 2016 09:38:28 -0400
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers <email address hidden>  Tue, 09 Aug 2016 09:51:31 -0400
Superseded in yakkety-proposed
libgd2 (2.2.1-1ubuntu2) yakkety; urgency=medium

  * No-change rebuild against libwebp6

 -- Iain Lane <email address hidden>  Mon, 08 Aug 2016 13:22:20 +0100

Obsolete in wily-updates
Obsolete in wily-security
libgd2 (2.1.1-4ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:40:07 -0400
Superseded in precise-updates
Superseded in precise-security
libgd2 (2.0.36~rc1~dfsg-6ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:52:13 -0400
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in gdImageScaleTwoPass
    - debian/patches/CVE-2013-7456.patch: properly handle window size in
      src/gd_interpolation.c.
    - CVE-2013-7456
  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:41:51 -0400
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:22:56 -0400
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libgd2 (2.2.1-1ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/.gitignore, tests/gdimagecrop/CMakeLists.txt,
      tests/gdimagecrop/Makemodule.am, tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:05:30 -0400
Superseded in precise-updates
Superseded in precise-security
libgd2 (2.0.36~rc1~dfsg-6ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted color table in XPM file
    - debian/patches/CVE-2014-2497.patch: avoid null-pointer dereference in
      gdxpm.c.
    - CVE-2014-2497
  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-9709-1.patch: fix buffer read overflow in
      gd_gif_in.c.
    - debian/patches/CVE-2014-9709-2.patch: move overflow test outside the
      loop in gd_gif_in.c.
    - CVE-2014-9709
  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden>  Thu, 26 May 2016 10:01:57 -0400
Superseded in trusty-updates
Superseded in trusty-security
libgd2 (2.1.0-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted color table in XPM file
    - debian/patches/CVE-2014-2497.patch: avoid null-pointer dereference in
      src/gdxpm.c.
    - CVE-2014-2497
  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-9709-1.patch: fix buffer read overflow in
      src/gd_gif_in.c.
    - debian/patches/CVE-2014-9709-2.patch: move overflow test outside the
      loop in src/gd_gif_in.c.
    - CVE-2014-9709
  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden>  Thu, 26 May 2016 09:29:04 -0400
Superseded in wily-updates
Superseded in wily-security
libgd2 (2.1.1-4ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden>  Thu, 26 May 2016 09:26:13 -0400
Superseded in xenial-updates
Superseded in xenial-security
libgd2 (2.1.1-4ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden>  Thu, 26 May 2016 09:22:19 -0400
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libgd2 (2.2.1-1) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * Imported Debian patch 2.1.1-4.1

  [ Ondřej Surý ]
  * Imported Upstream version 2.2.0
  * Delete obsolete patches
  * Don't install obsolete gdlib-config
  * [CVE-2015-8874]: Stack consumption vulnerability in GD allows remote
    attackers to cause a denial of service via a crafted imagefilltoborder
    call
  * Build with libwebp-dev instead of old libvpx-dev
  * Initialize full_filename in tests/gdimagefile/gdnametest.c
  * Imported Upstream version 2.2.1
  * CVE-2015-8874 is now fixed in the upstream release

 -- Ondřej Surý <email address hidden>  Mon, 23 May 2016 14:39:37 +0200

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libgd2 (2.1.1-4.1) unstable; urgency=high

  * Non-maintainer upload (with Ondrej's approval directly uploaded)
  * CVE-2016-3074: Signedness vulnerability causing heap overflow
    (Closes: #822242)

 -- Salvatore Bonaccorso <email address hidden>  Sat, 23 Apr 2016 10:49:43 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libgd2 (2.1.1-4build3) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:13:31 +0000

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
libgd2 (2.1.1-4build2) xenial; urgency=medium

  * Rebuild against libvpx3.

 -- Colin Watson <email address hidden>  Thu, 07 Jan 2016 00:57:20 +0000

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
libgd2 (2.1.1-4build1) wily; urgency=medium

  * No-change rebuild against new libvpx

 -- Iain Lane <email address hidden>  Fri, 24 Jul 2015 17:58:20 +0100