stable

gd-2.2.4-1.fc24

FEDORA-2017-2717b02630 created by remi 6 years ago for Fedora 24

Version 2.2.4 - 2017-01-18

Security

  • gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
  • double-free in gdImageWebPtr() (CVE-2016-6912)
  • potential unsigned underflow in gd_interpolation.c
  • DOS vulnerability in gdImageCreateFromGd2Ctx()

Fixed

  • Fix #354: Signed Integer Overflow gd_io.c
  • Fix #340: System frozen
  • Fix OOB reads of the TGA decompression buffer
  • Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
  • Fix potential unsigned underflow
  • Fix double-free in gdImageWebPtr()
  • Fix invalid read in gdImageCreateFromTiffPtr()
  • Fix OOB reads of the TGA decompression buffer
  • Fix #68: gif: buffer underflow reported by AddressSanitizer
  • Avoid potentially dangerous signed to unsigned conversion
  • Fix #304: test suite failure in gif/bug00006 [2.2.3]
  • Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border
  • Fix #330: Integer overflow in gdImageScaleBilinearPalette()
  • Fix 321: Null pointer dereferences in gdImageRotateInterpolated
  • Fix whitespace and add missing comment block
  • Fix #319: gdImageRotateInterpolated can have wrong background color
  • Fix color quantization documentation
  • Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
  • Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag
  • Fix #300: gdImageClone() assigns res_y = res_x
  • Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness()
  • Replace GNU old-style field designators with C89 compatible initializers
  • Fix #297: gdImageCrop() converts palette image to truecolor image
  • Fix #290: TGA RLE decoding is broken
  • Fix unnecessary non NULL checks
  • Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files
  • Fix #280: gdImageWebpEx() quantization parameter is a misnomer
  • Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
  • Fix issue #276: Sometimes pixels are missing when storing images as BMPs
  • Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
  • Fix copy&paste error in gdImageScaleBicubicFixed()

Added

  • More documentation
  • Documentation on GD and GD2 formats
  • More tests

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2017-2717b02630

This update has been submitted for testing by remi.

6 years ago
User Icon hreindl commented & provided feedback 6 years ago
karma

works for me with php 7.0/7.1 (own php builds)

This update has been pushed to testing.

6 years ago
User Icon filiperosset commented & provided feedback 6 years ago
karma

no regressions noted

This update has been submitted for stable by bodhi.

6 years ago
User Icon jonathancalloway commented & provided feedback 6 years ago
karma

No errors in dmesg or boot log after reboot

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Builds
1
gd-2.2.4-1.fc24
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
gd-2.2.4-1.fc24

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.1.0^202303051452git9e0caad on bodhi-web-85-skwwj.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy