Package: libgd2 X-Debbugs-CC: t...@security.debian.org secure-testing-team@lists.alioth.debian.org Severity: important Tags: security
Hi, the following vulnerability was published for libgd2. CVE-2018-5711[0]: | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP | before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x | before 7.2.1, has an integer signedness error that leads to an infinite | loop via a crafted GIF file, as demonstrated by a call to the | imagecreatefromgif or imagecreatefromstring PHP function. This is | related to GetCode_ and gdImageCreateFromGifCtx. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5711 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711 Please adjust the affected versions in the BTS as needed. _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team