Overview

File _patchinfo of Package patchinfo.9633

<patchinfo incident="9633">
  <issue tracker="bnc" id="1123522">VUL-1: CVE-2019-6978: gd: The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.</issue>
  <issue tracker="bnc" id="1123354">VUL-0: CVE-2019-6977: php5,php7,php53: A heap based buffer overflow is discovered in GD Graphics library</issue>
  <issue tracker="bnc" id="1118832">VUL-1: CVE-2018-19935: php5,php7,php53: ext/imap/php_imap.c caused a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to imap_mail</issue>
  <issue tracker="cve" id="2019-6978"/>
  <issue tracker="cve" id="2019-6977"/>
  <issue tracker="cve" id="2018-19935"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for php7 fixes the following issues:

Security issue fixed:

- CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
- CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832).

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for php7</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places