CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2020/06/29 18:05:49
Modified files:
graphics/gd : Makefile distinfo
graphics/gd/pkg: PLIST
Log message:
update to libgd-2.3.0, includes some security-related and other fixes,
Potential double-free in gdImage*Ptr(). (CVE-2019-6978)
gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977)
Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038)
Double-free in gdImageBmp. (CVE-2018-1000222)
Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553)
Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711)
and see https://github.com/libgd/libgd/blob/gd-2.3.0/CHANGELOG.md
(if anyone is thinking of backporting, gdlib-config was removed,
p5-GD and cvsgraph updates will be needed)
