http://bugzilla.suse.com/show_bug.cgi?id=1004924

Bug ID: 1004924
Summary: libgd: Stack Buffer Overflow in GD dynamicGetbuf
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Reference: http://seclists.org/oss-sec/2016/q4/133

==================================================
Hi,

On the PHP bug tracker Emmanuel Law reported a flaw in the libgd library in dynamicGetbuf. The PHP bug report is at (cannot quote the full report for the list archive, since a bit long):

https://bugs.php.net/bug.php?id=73280

It has been reported upstream apparently (not via the issue tracker) and fixed in upstream with commit:

https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bf...

Debian has issued a DSA containing this fix as well in DSA-3693-1,
https://lists.debian.org/debian-security-announce/2016/msg00274.html

Could you please assign a CVE for this issue?

Regards,
Salvatore
==================================================