[Frugalware-darcs] homepage-ng: FSA199-gd

voroskoi voroskoi at frugalware.org
Thu Jun 7 19:06:05 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607165827-dd049-03d560fd0c44493b74cacd7d59b60dc8b5558f42.gz;

[FSA199-gd
voroskoi <voroskoi at frugalware.org>**20070607165827] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>199</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>gd</package>
+		<vulnerable>2.0.34-1</vulnerable>
+		<unaffected>2.0.34-2terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2074</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2756</cve>
+		<desc>Xavier Roche has reported a vulnerability in GD Graphics Library, =
which can be exploited by malicious people to cause a DoS (Denial of Servic=
e). The vulnerability is caused due to the incorrect use of libpng within t=
he function "gdPngReadData()" when processing truncated data. This can be e=
xploited to cause an infinite loop by e.g. tricking an application using th=
e library to process a specially crafted file.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list