Hi Matej, Matej Vela [2006-08-11 19:32 +0200]: > AFAIK, libgd is used to write images rather than read them, so at least > CVE-2004-0990 and CVE-2006-2906 shouldn't be an issue. I'm working > through the code...
Ah, if this can be confirmed, then there is little to worry about. Only reading user defined data is a potential issue. > Unfortunately, libwmf requires a patched libgd with additional > functionality for clipping. :-( Yay embracing and extending. :/ (Anyway, not your fault; thanks for checking). Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
