-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 31 Oct 2016 09:56:49 +0100 Source: libgd2 Binary: libgd-tools libgd-dev libgd3 Architecture: source Version: 2.2.3-87-gd0fec80-1 Distribution: unstable Urgency: medium Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Description: libgd-dev - GD Graphics Library (development version) libgd-tools - GD command line tools and example code libgd3 - GD Graphics Library Closes: 839659 840805 840806 Changes: libgd2 (2.2.3-87-gd0fec80-1) unstable; urgency=medium . * Imported Upstream version 2.2.3-87-gd0fec80 + [CVE-2016-8670]: Stack Buffer Overflow in GD dynamicGetbuf + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr() + [CVE-2016-7568]: Integer overflow in gdImageWebpCtx (Closes: #840805, #840806, #839659) * Refresh patches on top of git snapshot 2.2.3-87-gd0fec80 * Replace -dbg with -dbgsym packages * Disable php_bug_72339 that has overflow constant * Fix error: ISO C99 requires at least one argument for the "..." in a variadic macro Checksums-Sha1: 52684e3622c645ed1a33ff42a6674b98cb841981 2363 libgd2_2.2.3-87-gd0fec80-1.dsc 7c748f98bf29fddd587dacb4fdca6866fd7cc6ba 2239856 libgd2_2.2.3-87-gd0fec80.orig.tar.xz 58744bc626bc9caea9d5a6c071f70f1158e08314 24476 libgd2_2.2.3-87-gd0fec80-1.debian.tar.xz Checksums-Sha256: 4feae7067a735787a258d64f26e08feca1feba4072217b7b2a8916ceda88387c 2363 libgd2_2.2.3-87-gd0fec80-1.dsc c4fbf0b4017aff89dc53ab08600baea78b2a9dab59af77da424a6979e5907d7e 2239856 libgd2_2.2.3-87-gd0fec80.orig.tar.xz fa0d5d80dcc7208b18e14d798fbf9d3fead24da1199dfacfa704460ed3943af2 24476 libgd2_2.2.3-87-gd0fec80-1.debian.tar.xz Files: 8c29c925806f53f87660a5a48e23efb5 2363 graphics optional libgd2_2.2.3-87-gd0fec80-1.dsc bb033924093aaf539ecb9c6034763f02 2239856 graphics optional libgd2_2.2.3-87-gd0fec80.orig.tar.xz cd865f5380d4990e62207e481fa4d881 24476 graphics optional libgd2_2.2.3-87-gd0fec80-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYFxSOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHAJMP/iXsHbutxJdJ+1bFPrjnTAHX /zD87H+bzv2j8hPkKkns4PhSQgdJXjDOnk4lccTr5rKDbK7LcxGjfyJIUQUwIhWP s/86g0R4QnntBAQ0cSZ8KCWnXOovhsndqW6RW1YER624aF2kXJ1cBlObOH4ExbNL F3sLYfRssK3iDrl84WdNJktxOoOXXBGHRTrj6bi4m8ogcC4PmZkp+bHV5kJpwHqJ MfCJk1NCwflCUPYsU2TwTfpUt9PEgPUSqp8x22PAVR65Nj16xFa6rI6qR605huvt MIWr/zokCUlNxdf9wSC2otsHOAMW+vHXM9g86d0PuzT58WV1gSI5Psv1DWAhzgZj RCzqJxo/N9r20MBNMD8R7fC+peClP388JvsFs3mZ2Xn8ZWRJlnpLQ2iuONmHSvUD sK8FMCzPclFZBhtbq+6XM9iWOmz22jBJ4HpduNGiqiwM3KMQAmJlWkjQr+x4U2CV u4AgGQG7RQKVC8Wx5p4+fS71s9neBvWm1cCdb3WDFVjQQu70r9rXdT7+VnqMmvKY oYOqzHLoz4w4mppP9d7+8Gh5uM5irsE7cTScXNJwJFbWpW1o90CUUal8/Rl1HDXZ t7aW/O7jf/Oy7pqXlBsU8EZ+lGGX6StsqqEsCEoZX8iWXODqvOBs2T22C1s5Q2oE nrEE32ko5B/epC88JtFq =J7pa -----END PGP SIGNATURE-----