Format: 1.8
Date: Fri, 15 Jul 2016 15:02:40 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source amd64
Version: 2.1.0-5+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libgd-dbg - Debug symbols for GD Graphics Library
 libgd-dev - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd2-noxpm-dev - GD Graphics Library (transitional package)
 libgd2-xpm-dev - GD Graphics Library (transitional package)
 libgd3 - GD Graphics Library
Closes: 829014 829062 829694
Changes:
 libgd2 (2.1.0-5+deb8u4) jessie-security; urgency=high
 .
   * [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in
     heap overflow (Closes: #829014)
   * [CVE-2016-6128]: Fix invalid color index not handled, can lead to
     crash (Closes: #829062)
   * [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound
     reads of masks array
   * [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files
     (Closes: #829694)
   * [CVE-2016-6214]: Fix read out-of-bands was found in TGA
   * [CVE-to-be-assigned]: Fix another out-of-bounds read in
     read_image_tga (upstream #248)
   * [CVE-2016-5116]: Fix xbm: avoid stack overflow (read) with large names