Summary: | <media-libs/gd-2.2.3: Invalid color index not properly handled | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled, vapier |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1351603 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 587968, 592720, 592722 |
Description
Agostino Sarubbo
2016-07-01 07:36:43 UTC
hasn't seen a release yet. there's some other various security fixes landing too before it'll be cut. Targeted release upstream is 2.2.3. @SpanKY, sec team does not include version in bug title until an ebuild is present in tree. Please do keep letting us know the targeted release though as it helps significantly. Arches, please stabilize: =media-libs/gd-2.2.3 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Stable on alpha. Stable for HPPA PPC64. amd64 stable arm stable x86 stable sparc stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Arches, Thank you for your work. Maintainer(s), please drop the vulnerable version(s). GLSA Vote: No (In reply to Yury German from comment #12) > Maintainer(s), please drop the vulnerable version(s). Done. GLSA is not optional here. This issue was resolved and addressed in GLSA 201612-09 at https://security.gentoo.org/glsa/201612-09 by GLSA coordinator Aaron Bauman (b-man). |