Accepted libgd2 2.1.0-5+deb8u4 (source amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Jul 2016 15:02:40 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source amd64
Version: 2.1.0-5+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
libgd-dbg - Debug symbols for GD Graphics Library
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd2-noxpm-dev - GD Graphics Library (transitional package)
libgd2-xpm-dev - GD Graphics Library (transitional package)
libgd3 - GD Graphics Library
Closes: 829014 829062 829694
Changes:
libgd2 (2.1.0-5+deb8u4) jessie-security; urgency=high
.
* [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in
heap overflow (Closes: #829014)
* [CVE-2016-6128]: Fix invalid color index not handled, can lead to
crash (Closes: #829062)
* [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound
reads of masks array
* [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files
(Closes: #829694)
* [CVE-2016-6214]: Fix read out-of-bands was found in TGA
* [CVE-to-be-assigned]: Fix another out-of-bounds read in read_image_tga
(upstream #248)
* [CVE-2016-5116]: Fix xbm: avoid stack overflow (read) with large names
Checksums-Sha1:
ecd2566d277b728d92a2eade015a6eeb44652be2 2467 libgd2_2.1.0-5+deb8u4.dsc
31370d2bdc6b334791363958d00042676ed18c1e 42188 libgd2_2.1.0-5+deb8u4.debian.tar.xz
c612d05bec4d776dc251abbcd1fa4171b2db3980 42170 libgd-tools_2.1.0-5+deb8u4_amd64.deb
694fddad0afeca74252a7fa96e303469623e8a57 285990 libgd-dev_2.1.0-5+deb8u4_amd64.deb
cf5c751405d7ef91c0660b10661ac6e44f591650 147158 libgd3_2.1.0-5+deb8u4_amd64.deb
da96ddec0407ea5ee86f2b2d48ae77590c46b32b 312798 libgd-dbg_2.1.0-5+deb8u4_amd64.deb
3907816e7b17db029304207345db05a26ab62311 1226 libgd2-xpm-dev_2.1.0-5+deb8u4_amd64.deb
c54558be2a2fb692c3721066c0d5ae2fdaff9bfe 1234 libgd2-noxpm-dev_2.1.0-5+deb8u4_amd64.deb
Checksums-Sha256:
36f4108f39a7c0f94c3c6f7e82ded7fd97107a2ba562de53746e2cab3dfd149e 2467 libgd2_2.1.0-5+deb8u4.dsc
02d1970ea4764cea15586f5f9663cbfb20694f985f8bd50927912d481f1d61cc 42188 libgd2_2.1.0-5+deb8u4.debian.tar.xz
6f3d26ee2f2b3d4dbdef2e3c016ea8d961b4b2a8f11c9cb92fa5c9310fb7d3a6 42170 libgd-tools_2.1.0-5+deb8u4_amd64.deb
1a828e6d07c861f1664509f9b69c1cb976fa6500a32f44b042ecd7e3756c983a 285990 libgd-dev_2.1.0-5+deb8u4_amd64.deb
81c79acdb6280b5581f362e093447bb45b00b2cb12e08a2732a49f7ff98ecb4e 147158 libgd3_2.1.0-5+deb8u4_amd64.deb
ef6ad931e8cb4202914e916e0ddb8752c64092adae56d6fd84badb3f3385ab09 312798 libgd-dbg_2.1.0-5+deb8u4_amd64.deb
bdca1fb09a060f6855760cd8a61141b8c0edbb366f46935fae6c3798e04610c3 1226 libgd2-xpm-dev_2.1.0-5+deb8u4_amd64.deb
0d88e7dbe42220e4136b5cb72813a8b1538c2fb28d5f467268185f3893408cc9 1234 libgd2-noxpm-dev_2.1.0-5+deb8u4_amd64.deb
Files:
7406b8daef1a4a32288fb1917245e62b 2467 graphics optional libgd2_2.1.0-5+deb8u4.dsc
3f98fe92e5546e149a64c8c3a6cb175e 42188 graphics optional libgd2_2.1.0-5+deb8u4.debian.tar.xz
170f217cf2e9cc0c07c6303874565cec 42170 graphics optional libgd-tools_2.1.0-5+deb8u4_amd64.deb
480e518a04dbdf1675f35bf83901e104 285990 libdevel optional libgd-dev_2.1.0-5+deb8u4_amd64.deb
f3dc95517656c2ecb67811d1c5cf0f27 147158 libs optional libgd3_2.1.0-5+deb8u4_amd64.deb
449b6edc19c751a319c66671239d96ac 312798 debug extra libgd-dbg_2.1.0-5+deb8u4_amd64.deb
7cbc6eaf10cf3847c139baa6887b0644 1226 oldlibs extra libgd2-xpm-dev_2.1.0-5+deb8u4_amd64.deb
e530298ac8fc56048d092f1aa1c67f2d 1234 oldlibs extra libgd2-noxpm-dev_2.1.0-5+deb8u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJXiOAoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHMKIP/01h981oZSck38eG1cSfGUnf
lIfC+JCADXSdEGP2lf0iVDnLteRDaopB7wCMUM1GbVrwxDOz4rsZxwC6pxz89iuv
/ht0SPzxaSKpz0SQ5UEi/tOno2aDFfgFW9G8Cp/la96ipcMGYzcpUqyB+TXliL5G
iAa6J7msxesgQ+4IUNrnLE+gqLyPEgP3Wga171lDf5AGd0BF+wD+I6oG4dBbW2VI
TTHM3qi69SsNFPB7GQx88n0ZHJaukmPLmRq1LOB4mvv1R6qlxTzNvaO4K6mkzcCi
il7MMEN7RKcoTCSRO4useHZy2q1oViZdcnU9d56iqDeirokaNK07wF562M1/lqzb
ovXUcjh4MiILTA3alx0Z70Vmtv11ROamHPQApjiD5PbFnj1mCjiNYfrjRtKmCIQL
dv7x0nsUerGVJxqmyuhLVah5zMIPQafQMwqSSm0BLDscgtkeVUxpTUn06wVFReJi
0znG53cztxdDN09+ULGie2JyLp3egOjM+ZK3w0sjhMUuCZ7Dm2ZZ4eKrGOVCJ2I6
6ZbitGLOgUfWdEEpuyqduHlfgutQg8EySFEh81T9ZV9iW00XMne+H89BTsFNkpFB
zWD7zy7Wcb+8llyQuH4U1zp0z5M8A7/y+IYmSbffaHI8mDDr0XsAzpKzXAbi7rtZ
b9TOaT/yuTI3m8hnoTOY
=gJe0
-----END PGP SIGNATURE-----