-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 19 Jan 2018 15:35:36 +1100 Source: libgd2 Binary: libgd-tools libgd2-xpm-dev libgd2-noxpm-dev libgd2-xpm libgd2-noxpm Architecture: source amd64 Version: 2.0.36~rc1~dfsg-6.1+deb7u11 Distribution: wheezy-security Urgency: high Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libgd-tools - GD command line tools and example code libgd2-noxpm - GD Graphics Library version 2 (without XPM support) libgd2-noxpm-dev - GD Graphics Library version 2 (development version) libgd2-xpm - GD Graphics Library version 2 libgd2-xpm-dev - GD Graphics Library version 2 (development version) Closes: 887485 Changes: libgd2 (2.0.36~rc1~dfsg-6.1+deb7u11) wheezy-security; urgency=high . * CVE-2018-5711: Prevent an denial-of-service attack via a malicious GIF image. A corrupt file could have exploited a signedness confusion leading to an infinite loop. Furthermore, ensure that a GIF without "palette entries" is treated as invalid after open entries have been removed. (Closes: #887485) Checksums-Sha1: bb16f332e15d4c9b860721d6530fbf8bbfb2ce04 2429 libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.dsc e93c43f3c2283c6fe09793ac06a4a106374e0cb3 761899 libgd2_2.0.36~rc1~dfsg.orig.tar.gz ebbb1635f8fcffacd556a035b9498d4813786fa7 34744 libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.debian.tar.gz fd949d9b0cc72f812e8fdea3b99269fc024c6846 172392 libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb b7a76e2f61b00acaafa0651c6ba7f80e613a3b31 377184 libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 4768a416a8f7c5961e97da3753ecd6e8b4150d4f 374746 libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb fc597760363246ad3b60898f9a755019bc492675 235926 libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 5f085cd6f5078c6a0761862247779f1713b1389d 233508 libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb Checksums-Sha256: c90947b4e0011551f1b78936c20d1e8275ad40c15aa9389107894bbd31b93d59 2429 libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.dsc 919df21310ad4a8b6155df01411138110589cc6c50b1bc414dc62aebb0a7f41a 761899 libgd2_2.0.36~rc1~dfsg.orig.tar.gz 83cab51096b75affb5f53728987b6eaaa3c29b423f332c6297aa6b230521a0d0 34744 libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.debian.tar.gz 3abcf213fb528a164dfd826b7b4547266b6035712c5ec2037a4c9ab9992650e3 172392 libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb e52e11d01f8c9b28adecc85a8f4757722f52da45a91a47eaab2f52d269f32731 377184 libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 81c2a721337f8d19004d82bb8cfd9535cc86d70c2a68bca8a74155de355a1ab3 374746 libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 1beaa8d760e9b34fba986183e90223ff4413ffed22b7e041a6843c3555e4e429 235926 libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb c4b7a5c7a137673adb354a8bce1e823f529f308e5fc246b406c6109bb96ecbd5 233508 libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb Files: 0078a8eb2723fb39e27e3bfa59cbefdc 2429 graphics optional libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.dsc 0f4d2fa45627af0e87fcb74f653b66dd 761899 graphics optional libgd2_2.0.36~rc1~dfsg.orig.tar.gz 799a39165cb2d62770313636fe59f739 34744 graphics optional libgd2_2.0.36~rc1~dfsg-6.1+deb7u11.debian.tar.gz 03ca2165207a1ef96340e4d947ac4499 172392 graphics optional libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 208a31a98718ae9f885954c4d62c0836 377184 libdevel optional libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 59fa064dbc6505db3069b547dfdaded9 374746 libdevel optional libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb b51f0ea378e05ad61057ce653d5ed43e 235926 libs optional libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb 8eef444b0984e79a443f03846d1de829 233508 libs optional libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u11_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlphetwACgkQHpU+J9Qx HlgQlQ/+LGYKpYhVl6Bb/zF4gKz7rNTVhtIMtt7ryoj/9pTJE0pr1KcOExht5ukK L2dxiFVEpSD+54taLKCRPE6wSFCwBt4E0rqJFx10U2R7nDDDmmiQ/83UScI7z+PA CkcyXzXyDDgU1+McVU7ca1y5aTzQQScNujcj1iH+pVEmnhs+BncYxnsrWp7Oyp/0 rjb+55OhFZlaMS+1rp2KNFdzPC/WeAuc5+q1YwvfaJ8QDCUAU0thFb2lSPJJj+PZ YPJBxu89J7VJo4L1nBTnt0VgBtxOdu0+Eh/cWCZbhtWSCipuyF/bxGiPhHUJ9taG UM1orMMkN+wYP34YU5HAJWHqHs0tRZkxiB4yreH4rWvuWBwscXFJqQgGtyFvXCRM BG0wQMF+zrpbh8+R+UXb6llbD71wSFN2MS1yx0dSp/eHlJOn71PcBRX6aI/fXpQi FkUCXENG4UJTLZIF4QcG8yZOqaEp8f7CV0B5e+t5Q8PLwNIZQxjIpkQPEYP0oH1K ujPYUiJHol9o6E+Q9t0qhWu+n7XS9FEufwfvCcu8hPWJjZBw6NW+eoO2Aah5gz0k x/XYglrLNa22nb1XxzPpHjJ5wK6ESIoMPaINO1b2fAEhDCS6zN7Ycx+9bTX/nsIP SYnIlCuS2/L9InXSaDwBVXcMMzNpLOMKrixvQiNa/yuWGMAiqU4= =EKrj -----END PGP SIGNATURE-----