Your message dated Sat, 20 Oct 2018 09:48:12 +0000
with message-id <[email protected]>
and subject line Bug#887485: fixed in libgd2 2.2.4-2+deb9u3
has caused the Debian Bug report #887485,
regarding libgd2: CVE-2018-5711 Infinite loop via crafted gif file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
887485: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgd2
X-Debbugs-CC: [email protected]
[email protected]
Severity: important
Tags: security
Hi,
the following vulnerability was published for libgd2.
CVE-2018-5711[0]:
| gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP
| before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x
| before 7.2.1, has an integer signedness error that leads to an infinite
| loop via a crafted GIF file, as demonstrated by a call to the
| imagecreatefromgif or imagecreatefromstring PHP function. This is
| related to GetCode_ and gdImageCreateFromGifCtx.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.2.4-2+deb9u3
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 Sep 2018 19:29:19 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3
Architecture: source amd64
Version: 2.2.4-2+deb9u3
Distribution: stretch
Urgency: medium
Maintainer: GD team <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd3 - GD Graphics Library
Closes: 887485 906886
Changes:
libgd2 (2.2.4-2+deb9u3) stretch; urgency=medium
.
* CVE-2018-1000222 (Closes: #906886)
* CVE-2018-5711 (Closes: #887485)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---