Mailinglist Archive: opensuse-bugs (4258 mails)

[Bug 1022069] New: VUL-0: libgd: potential unsigned underflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 26 Jan 2017 12:58:49 +0000
  • Message-id: <bug-1022069-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1022069


Bug ID: 1022069
Summary: VUL-0: libgd: potential unsigned underflow,
denial-of-service in gdImageCreateFromGd2Ctx and
signed overflow in gd_io.c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/202
===============================================
Hi

[I'm collecting the request in one mail, although maybe I should have
split it up, apologies for that].

libgd fixed some issues in the git repositories, for which the
following three do not seem to have CVE ids:

1/ Fix potential unsigned underflow
Commit:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35

2/ Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Commit:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f

3/ Fix #354: Signed Integer Overflow gd_io.c
Commit:
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Issue: https://github.com/libgd/libgd/issues/354

Could you please assign CVE ids for those?

Regards,
Salvatore
===============================================

Seems, this is - https://software.opensuse.org/package/gd
