Hi, Attached is a debdiff of the changes I made for 2.0.36~rc1~dfsg-3.1 0-day NMU.
Cheers, Giuseppe
diff -u libgd2-2.0.36~rc1~dfsg/debian/changelog libgd2-2.0.36~rc1~dfsg/debian/changelog --- libgd2-2.0.36~rc1~dfsg/debian/changelog +++ libgd2-2.0.36~rc1~dfsg/debian/changelog @@ -1,3 +1,11 @@ +libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks + via crafted files (Closes: #552534) + + -- Giuseppe Iuculano <iucul...@debian.org> Mon, 09 Nov 2009 21:19:11 +0100 + libgd2 (2.0.36~rc1~dfsg-3) unstable; urgency=medium * Drop bogus "-Wl,--disable-rpath" ld flags. Closes: bug#478534, diff -u libgd2-2.0.36~rc1~dfsg/debian/patches/series libgd2-2.0.36~rc1~dfsg/debian/patches/series --- libgd2-2.0.36~rc1~dfsg/debian/patches/series +++ libgd2-2.0.36~rc1~dfsg/debian/patches/series @@ -1,0 +2 @@ +0002_CVE-2009-3546.patch only in patch2: unchanged: --- libgd2-2.0.36~rc1~dfsg.orig/debian/patches/0002_CVE-2009-3546.patch +++ libgd2-2.0.36~rc1~dfsg/debian/patches/0002_CVE-2009-3546.patch @@ -0,0 +1,15 @@ +CVE-2009-3546: buffer overflow or buffer over-read attacks via a crafted GD file +http://svn.php.net/viewvc?view=revision&revision=289557 +--- a/gd_gd.c ++++ b/gd_gd.c +@@ -44,6 +44,10 @@ _gdGetColors (gdIOCtx * in, gdImagePtr i + { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) ++ { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in))
signature.asc
Description: OpenPGP digital signature