Package "libgd2"

Name:	libgd2
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: Debug symbols for GD Graphics Library GD Graphics Library (development version) GD Graphics Library
Latest version:	2.1.1-4ubuntu0.16.04.12
Release:	xenial (16.04)
Level:	security
Repository:	main

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "libgd2" in Xenial

Repository	Area	Version
base	universe	2.1.1-4build2
base	main	2.1.1-4build2
security	universe	2.1.1-4ubuntu0.16.04.12
updates	main	2.1.1-4ubuntu0.16.04.12
updates	universe	2.1.1-4ubuntu0.16.04.12

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 2.1.1-4ubuntu0.16.04.12 2020-04-02 23:07:09 UTC

libgd2 (2.1.1-4ubuntu0.16.04.12) xenial-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers to crash an application via a specific function call sequence - debian/patches/CVE-2018-14553.patch: remove manual style copy from src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c. - CVE-2018-14553 * SECURITY UPDATE: possible read of uninitialized variable in gdImageCreateFromXbm() - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive input in src/gd_xbm.c. - debian/patches/CVE-2019-11038-test.patch: add a test for CVE-2019-11038.patch. - debian/patches/CVE-2019-11038-test-functions.patch: add functions for CVE-2019-11038-test.patch. - CVE-2019-11038 -- Avital Ostromich <email address hidden> Thu, 26 Mar 2020 13:51:51 -0400

Source diff to previous version

CVE-2018-14553	gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific functi
CVE-2019-11038	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x be

Version: 2.1.1-4ubuntu0.16.04.11 2019-02-28 15:07:10 UTC

libgd2 (2.1.1-4ubuntu0.16.04.11) xenial-security; urgency=medium * SECURITY UPDATE: buffer overflow in gdImageColorMatch - debian/patches/CVE-2019-6977.patch: use gdMaxColors in src/gd_color_match.c. - CVE-2019-6977 * SECURITY UPDATE: double-free in gdImage*Ptr() functions - debian/patches/CVE-2019-6978.patch: properly handle failure in src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c. - CVE-2019-6978 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:35:55 -0500

Source diff to previous version

CVE-2019-6977	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x
CVE-2019-6978	The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is un

Version: 2.1.1-4ubuntu0.16.04.10 2018-08-27 16:07:01 UTC

libgd2 (2.1.1-4ubuntu0.16.04.10) xenial-security; urgency=medium * SECURITY UPDATE: Double free - debian/patches/CVE-2018-1000222.patch: fix in src/gd_bmp.c. - CVE-2018-1000222 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2018-5711.patch: fix in src/gd_gif_in.c. - CVE-2018-5711 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 12:13:57 -0300

Source diff to previous version

CVE-2018-1000222	Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This atta
CVE-2018-5711	gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, h

Version: 2.1.1-4ubuntu0.16.04.8 2017-09-05 17:06:42 UTC

Version: 2.1.1-4ubuntu0.16.04.8	2017-09-05 17:06:42 UTC
`libgd2 (2.1.1-4ubuntu0.16.04.8) xenial-security; urgency=medium * SECURITY UPDATE: Double-free memory - debian/patches/CVE-2017-6362.patch: introduces a static helper to check failure or success in src/gd_png.c also adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am, tests/png/bug00381_1.c, tests/png/bug00381_2.c. - CVE-2017-6362 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Sep 2017 17:23:24 -0300`
Source diff to previous version

libgd2 (2.1.1-4ubuntu0.16.04.8) xenial-security; urgency=medium * SECURITY UPDATE: Double-free memory - debian/patches/CVE-2017-6362.patch: introduces a static helper to check failure or success in src/gd_png.c also adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am, tests/png/bug00381_1.c, tests/png/bug00381_2.c. - CVE-2017-6362 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Sep 2017 17:23:24 -0300

Source diff to previous version

Version: 2.1.1-4ubuntu0.16.04.7 2017-08-14 19:06:38 UTC

Version: 2.1.1-4ubuntu0.16.04.7	2017-08-14 19:06:38 UTC
libgd2 (2.1.1-4ubuntu0.16.04.7) xenial-security; urgency=medium * SECURITY UPDATE: memory read vulnerability in GIF - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid information leak and adding test in src/gd_gif_in.c, tests/gif/CMakeLists.txt, tests/MakeModule.am, tests/gif/uninitialized_memory_read.c, tests/gif/unitialized_memory_read.gif. - CVE-2017-7890 -- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Aug 2017 15:59:01 -0300

libgd2 (2.1.1-4ubuntu0.16.04.7) xenial-security; urgency=medium * SECURITY UPDATE: memory read vulnerability in GIF - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid information leak and adding test in src/gd_gif_in.c, tests/gif/CMakeLists.txt, tests/MakeModule.am, tests/gif/uninitialized_memory_read.c, tests/gif/unitialized_memory_read.gif. - CVE-2017-7890 -- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Aug 2017 15:59:01 -0300

About - Send Feedback to @ubuntu_updates

Package "libgd2"

Links

Other versions of "libgd2" in Xenial

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates