Since you're using CVS instead of SVN or BZR, it's actually pretty difficult to extract your patches. :)
As you say, #7 is already applied in Ubuntu. From the looks of it, every other fix are NULL-deref fixes, which unless it can be demonstrated how a service can be DoS'd with this, they don't look like security issues to me. If I've overlooked something, please let me know. For now, I'll turn off the security bit on this report. Thanks again! ** This bug is no longer flagged as a security issue -- libgd2 project, new maintainership, new CVS, new issue tracker https://launchpad.net/bugs/78476 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
