Debian Package Tracker

libgd2

general
  • source: libgd2 (main)
  • version: 2.3.0-2
  • maintainer: GD Team (DMD)
  • uploaders: Ondřej Surý [DMD]
  • arch: any
  • std-ver: 3.9.3
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.2.4-2+deb9u5
  • o-o-sec: 2.2.4-2+deb9u4
  • oldstable: 2.2.5-5.2
  • stable: 2.3.0-2
  • testing: 2.3.0-2
  • unstable: 2.3.0-2
versioned links
  • 2.2.4-2+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.2.4-2+deb9u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.2.5-5.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libgd-dev (1 bugs: 0, 1, 0, 0)
  • libgd-tools
  • libgd3 (1 bugs: 0, 1, 0, 0)
action needed
Debci reports failed tests (severity: high)
  • unstable: fail (log)
    The tests ran in 0:07:10
    Last run: 2022-05-15T22:24:56.000Z
    Previous status: fail

  • testing: fail (log)
    The tests ran in 0:09:27
    Last run: 2022-05-28T09:29:14.000Z
    Previous status: fail

  • stable: fail (log)
    The tests ran in 0:09:37
    Last run: 2022-05-19T17:39:02.000Z
    Previous status: fail

Created: 2019-01-17 Last update: 2022-05-29 05:41
A new upstream version is available: 2.3.3 (severity: high)
A new upstream version 2.3.3 is available; you should consider packaging it.
Created: 2021-02-01 Last update: 2022-05-29 05:32
Standards version of the package is outdated. (severity: high)
The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.6.1 instead of 3.9.3).
Created: 2014-08-04 Last update: 2022-05-11 23:25
3 security issues in sid (severity: high)

There are 3 open security issues in sid.

3 important issues:
  • CVE-2021-38115: read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
  • CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
  • CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
Created: 2021-08-05 Last update: 2021-12-05 06:30
3 security issues in bookworm (severity: high)

There are 3 open security issues in bookworm.

3 important issues:
  • CVE-2021-38115: read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
  • CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
  • CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
Created: 2021-08-15 Last update: 2021-12-05 06:30
1 bug tagged patch in the BTS (severity: normal)
The BTS contains patches fixing 1 bug; consider including or untagging them.
Created: 2021-08-14 Last update: 2022-05-29 06:31
lintian reports 19 warnings (severity: normal)
Lintian reports 19 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-08-22 Last update: 2021-10-13 21:32
5 low-priority security issues in buster (severity: low)

There are 5 open security issues in buster.

5 issues left for the package maintainer to handle:
  • CVE-2017-6363: (needs triaging) ** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
  • CVE-2018-14553: (needs triaging) gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
  • CVE-2021-38115: (needs triaging) read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
  • CVE-2021-40145: (needs triaging) ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
  • CVE-2021-40812: (needs triaging) The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30
3 low-priority security issues in bullseye (severity: low)

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:
  • CVE-2021-38115: (needs triaging) read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
  • CVE-2021-40145: (needs triaging) ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
  • CVE-2021-40812: (needs triaging) The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30
news
  • [2020-05-19] libgd2 2.3.0-2 MIGRATED to testing (Debian testing watch)
  • [2020-05-06] Accepted libgd2 2.3.0-2 (source) into unstable (Ondřej Surý)
  • [2020-04-24] Accepted libgd2 2.3.0-1 (source) into unstable (Ondřej Surý)
  • [2020-02-18] Accepted libgd2 2.1.0-5+deb8u14 (source) into oldoldstable (Roberto C. Sanchez)
  • [2019-06-30] Accepted libgd2 2.2.4-2+deb9u5 (source amd64) into proposed-updates->stable-new, proposed-updates (Jonas Meurer)
  • [2019-06-15] libgd2 2.2.5-5.2 MIGRATED to testing (Debian testing watch)
  • [2019-06-12] Accepted libgd2 2.2.5-5.2 (source) into unstable (Jonas Meurer)
  • [2019-06-11] Accepted libgd2 2.1.0-5+deb8u13 (source amd64) into oldstable (Jonas Meurer)
  • [2019-02-12] libgd2 2.2.5-5.1 MIGRATED to testing (Debian testing watch)
  • [2019-02-09] Accepted libgd2 2.2.4-2+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
  • [2019-02-06] Accepted libgd2 2.2.5-5.1 (source) into unstable (Salvatore Bonaccorso)
  • [2019-02-04] Accepted libgd2 2.2.4-2+deb9u4 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
  • [2019-01-30] Accepted libgd2 2.1.0-5+deb8u12 (source amd64) into oldstable (Thorsten Alteholz)
  • [2018-11-03] libgd2 2.2.5-5 MIGRATED to testing (Debian testing watch)
  • [2018-10-29] Accepted libgd2 2.2.5-5 (source) into unstable (Ondřej Surý)
  • [2018-10-20] Accepted libgd2 2.2.4-2+deb9u3 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
  • [2018-10-16] libgd2 2.2.5-4.1 MIGRATED to testing (Debian testing watch)
  • [2018-10-10] Accepted libgd2 2.2.5-4.1 (source) into unstable (Salvatore Bonaccorso)
  • [2018-01-19] Accepted libgd2 2.0.36~rc1~dfsg-6.1+deb7u11 (source amd64) into oldoldstable (Chris Lamb)
  • [2017-10-29] libgd2 2.2.5-4 MIGRATED to testing (Debian testing watch)
  • [2017-10-22] Accepted libgd2 2.2.5-4 (source) into unstable (Ondřej Surý)
  • [2017-09-22] Accepted libgd2 2.0.36~rc1~dfsg-6.1+deb7u10 (source amd64) into oldoldstable (Emilio Pozuelo Monfort)
  • [2017-09-21] libgd2 2.2.5-3 MIGRATED to testing (Debian testing watch)
  • [2017-09-18] Accepted libgd2 2.2.5-3 (source) into unstable (Ondřej Surý)
  • [2017-09-08] Accepted libgd2 2.1.0-5+deb8u11 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
  • [2017-09-07] Accepted libgd2 2.2.4-2+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
  • [2017-09-04] Accepted libgd2 2.2.5-2 (source) into unstable (Ondřej Surý)
  • [2017-08-30] Accepted libgd2 2.2.5-1 (source amd64) into unstable (Ondřej Surý)
  • [2017-08-12] Accepted libgd2 2.0.36~rc1~dfsg-6.1+deb7u9 (source amd64) into oldoldstable (Thorsten Alteholz)
  • [2017-08-12] Accepted libgd2 2.1.0-5+deb8u10 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
bugs [bug history graph]
  • all: 8
  • RC: 0
  • I&N: 6
  • M&W: 2
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 19)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 2.3.0-2ubuntu2
  • 8 bugs (1 patch)
  • patches for 2.3.0-2ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.