+++ This bug was initially created as a clone of Bug #292130 +++ CVE-2009-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3546): The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
Maintainers, please provide a fixed ebuild.
Created attachment 210125: Fix for gd maxcolors bug. As I can see, the php herd lacks manpower to fix their bugs, so if no one is against it, I'll apply this patch and commit later today or tomorrow.
I talked to hoffie last weekend and he said that he wanted to fix it this week. He planned to add some further (non-security) patches for various crashes that can be found in upstream's SVN. I'm not sure if he has enough time to do it, and I think it wouldn't hurt to just commit it.
OK, I've just committed the fixed ebuild. Sorry for the hurry, but this is important to me. ;)
Thanks. Arches, please test and mark stable: =dev-lang/php-5.2.11-r1 Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64/x86 stable
arm stable
Stable for HPPA.
ppc64 done
alpha/ia64/s390/sh/sparc stable
ppc stable
GLSA 201001-03. Thank you everyone, sorry about the delay.
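The CVE description at the top of this bug concerns a colour count that is read from an untrusted file and then used against fixed-size palette arrays. As an added illustration (not the attached patch and not libgd or PHP code), the C example below validates such a count at parse time; the two-byte header layout, the struct and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_COLORS 256 /* palette array size (libgd's gdMaxColors is 256) */

/* Hypothetical, simplified image: fixed-size palette plus a file-supplied count. */
struct image {
    int colors_total;
    uint8_t red[MAX_COLORS], green[MAX_COLORS], blue[MAX_COLORS];
};

/* Constructed layout (not the real GD format): 2-byte big-endian colour
 * count, then count * 3 bytes of RGB. Returns 0 on success, -1 if malformed. */
int read_palette(struct image *im, const uint8_t *buf, size_t len)
{
    if (len < 2) return -1;
    unsigned count = ((unsigned)buf[0] << 8) | buf[1];
    if (count > MAX_COLORS) return -1;          /* count must fit the fixed arrays */
    if (len - 2 < (size_t)count * 3) return -1; /* truncated file: stay inside buf */
    im->colors_total = (int)count;
    for (unsigned i = 0; i < count; i++) {
        im->red[i]   = buf[2 + i * 3];
        im->green[i] = buf[2 + i * 3 + 1];
        im->blue[i]  = buf[2 + i * 3 + 2];
    }
    return 0;
}

/* A later consumer that trusts colors_total as its loop bound; without the
 * parse-time check it would read past the arrays. Returns -1 if empty. */
int brightest(const struct image *im)
{
    int best = -1, best_sum = -1;
    for (int i = 0; i < im->colors_total; i++) {
        int sum = im->red[i] + im->green[i] + im->blue[i];
        if (sum > best_sum) { best_sum = sum; best = i; }
    }
    return best;
}

const uint8_t ok_file[]   = {0x00, 0x02, 10, 20, 30, 200, 100, 50}; /* constructed samples */
const uint8_t oversized[] = {0x01, 0x01, 1, 2, 3};  /* claims 257 colours */
const uint8_t truncated[] = {0x00, 0x03, 1, 2, 3};  /* claims 3, carries 1 */
int main(void)
{
    struct image im;
    int rc = read_palette(&im, ok_file, sizeof ok_file);
    printf("rc=%d brightest=%d\n", rc, brightest(&im));
    return 0;
}
```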