FEDORA-2016-cad9307ce0 — security update for gd

obsolete

gd-2.1.1-11.fc23

FEDORA-2016-cad9307ce0 created by mskalick 8 years ago for Fedora 23

Security fix for CVE-2016-8670
Security fix for CVE-2016-6911
Security fix for CVE-2016-7568
For Fedora 26 disabled two tests - they are failing because of freetype 2.7 (https://github.com/libgd/libgd/issues/302, https://github.com/libgd/libgd/issues/217)

This update has been submitted for testing by mskalick.

8 years ago

This update has been pushed to testing.

8 years ago

filiperosset commented & provided feedback 8 years ago

karma

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

14 days

Dates

submitted

8 years ago

in testing

8 years ago

Builds

gd-2.1.1-11.fc23

BZ#1380450 CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx

BZ#1380453 CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]

BZ#1388787 CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()

BZ#1388788 CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]

BZ#1391068 CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf

BZ#1391077 CVE-2016-8670 gd: Stack based buffer overflow in dynamicGetbuf [fedora-all]

gd-2.1.1-11.fc23

Automated Test Results

None