Overview

File _patchinfo of Package patchinfo.3355

<patchinfo incident="3355">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="1001900">VUL-0: CVE-2016-7568: gd,php7,php53: Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) ...</issue>
  <issue id="1004924" tracker="bnc">VUL-0: CVE-2016-8670: libgd, php5, php53, php7: Stack Buffer Overflow in GD dynamicGetbuf</issue>
  <issue id="1005274" tracker="bnc">VUL-0: CVE-2016-6911: php5, php7, php53, gd: Check for out-of-bound read in dynamicGetbuf()</issue>
  <issue tracker="cve" id="2016-7568"></issue>
  <issue id="2016-8670" tracker="cve" />
  <issue id="2016-6911" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for gd</summary>
  <description>
This update for gd fixes the following security issues:

- CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code
                 when the image is converted to webp (bsc#1001900)
- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
- CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places