[Technik] [SECURITY] [DSA 1117-1] New libgd2 packages fix denial of service
Noèl Köthe
noel at debian.org
Sat Jul 22 22:54:25 CEST 2006
On Friday, 21.07.2006, at 18:19 +0200, Moritz Muehlenhoff wrote:
> Debian Security Advisory DSA 1117-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> July 21st, 2006 http://www.debian.org/security/faq
>
> Package : libgd2
> Vulnerability : insufficient input sanitising
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2006-2906
> Debian Bug : 372912
libgd2 updated on pima, pomo, cusa and cupa.
> For the stable distribution (sarge) this problem has been fixed in
> version 2.0.33-1.1sarge1.
changelog:
libgd2 (2.0.33-1.1sarge1) stable-security; urgency=high

  * Apply patch to fix infinite loop in GIF code. Closes: bug#372912
    (thanks to Alec Berryman <alec at thened.net> for reporting, and to
    Martin Pitt <martin.pitt at ubuntu.com> for providing a patch).
    Reported as CVE-2006-2906.
  * Include this and the earlier security fix as isolated patches in
    the source:
    + 1001_CAN-2004-0941.patch
    + 1002_CVE-2006-2906.patch

 -- Jonas Smedegaard <dr at jones.dk>  Mon, 17 Jul 2006 01:06:53 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org