719464 – (CVE-2018-14553, CVE-2019-11038) <media-libs/gd-2.3.0: Multiple vulnerabilities (CVE-2018-14553, CVE-2019-11038)

Bug 719464 (CVE-2018-14553, CVE-2019-11038) - <media-libs/gd-2.3.0: Multiple vulnerabilities (CVE-2018-14553, CVE-2019-11038)

Summary: <media-libs/gd-2.3.0: Multiple vulnerabilities (CVE-2018-14553, CVE-2019-11038)

Status:	RESOLVED FIXED

Alias:	CVE-2018-14553, CVE-2019-11038

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/libgd/libgd/issues...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:	CVE-2017-6363
	Show dependency tree

Reported:	2020-04-26 00:28 UTC by GLSAMaker/CVETool Bot
Modified:	2020-07-27 20:21 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/16387
Package list:	=media-libs/gd-2.3.0
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2020-04-26 00:28:23 UTC

CVE-2019-11038 (https://nvd.nist.gov/vuln/detail/CVE-2019-11038):
  When using the gdImageCreateFromXbm() function in the GD Graphics Library
  (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x
  below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to
  supply data that will cause the function to use the value of uninitialized
  variable. This may lead to disclosing contents of the stack that has been
  left there by previous code.

Comment 1 Sam James archtester

2020-04-26 00:30:07 UTC

Patch: https://github.com/libgd/libgd/commit/e13a342c079aeb73e31dfa19eaca119761bac3f3

Comment 2 Sam James archtester

2020-04-26 00:33:54 UTC

This needs a bump to the (newish) 2.3.0, actually, for CVE-2018-5711.

Comment 3 Larry the Git Cow gentoo-dev

2020-05-10 22:41:05 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c5150b44714482be91bee9004afffef4200a91

commit 69c5150b44714482be91bee9004afffef4200a91
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-05-05 18:11:14 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-10 22:35:49 +0000

    media-libs/gd: Security bump to 2.3.0
    
    Bug: https://bugs.gentoo.org/719464
    Bug: https://bugs.gentoo.org/632076
    Bug: https://bugs.gentoo.org/608730
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15657
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/gd/Manifest                             |  1 +
 .../gd/files/gd-2.3.0-disable-flaky-tests.patch    | 25 +++++++
 media-libs/gd/files/gd-2.3.0-getlib.patch          | 81 ++++++++++++++++++++++
 media-libs/gd/gd-2.3.0.ebuild                      | 80 +++++++++++++++++++++
 4 files changed, 187 insertions(+)

Comment 4 Sam James archtester

2020-05-10 22:45:32 UTC

Will stable in a day or so if no bugs arise.

Comment 5 Agostino Sarubbo gentoo-dev

2020-05-13 11:30:23 UTC

s390 stable

Comment 6 Agostino Sarubbo gentoo-dev

2020-05-13 13:18:57 UTC

sparc stable

Comment 7 Agostino Sarubbo gentoo-dev

2020-05-13 14:52:48 UTC

amd64 stable

Comment 8 Agostino Sarubbo gentoo-dev

2020-05-13 17:11:22 UTC

arm stable

Comment 9 Agostino Sarubbo gentoo-dev

2020-05-13 17:13:04 UTC

ppc stable

Comment 10 Agostino Sarubbo gentoo-dev

2020-05-13 17:15:07 UTC

ppc64 stable

Comment 11 Sam James archtester

2020-05-14 05:22:01 UTC

arm64 stable

Comment 12 Agostino Sarubbo gentoo-dev

2020-05-14 08:03:29 UTC

x86 stable

Comment 13 Rolf Eike Beer archtester

2020-05-16 21:55:43 UTC

hppa stable

Comment 14 Sam James archtester

2020-05-21 22:59:45 UTC

@maintainer(s), please cleanup

Comment 15 Larry the Git Cow gentoo-dev

2020-06-25 11:28:02 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7220615bbaa8ce9c101b5130b58f705425c11ea

commit e7220615bbaa8ce9c101b5130b58f705425c11ea
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-23 20:43:01 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-06-25 11:27:00 +0000

    media-libs/gd: Drop old (security cleanup)
    
    Bug: https://bugs.gentoo.org/711122
    Bug: https://bugs.gentoo.org/719464
    Package-Manager: Portage-2.3.102, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16387
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-libs/gd/Manifest           |  3 --
 media-libs/gd/gd-2.2.5-r2.ebuild | 98 ----------------------------------------
 2 files changed, 101 deletions(-)