Summary: | dev-lang/php Possible infinite included loop in libgd/gd_png.c (inside png_set_read_fn() callback) with truncated input (CVE-2007-2756) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hoffie, php-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2? [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 179154 | ||
Bug Blocks: |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-05-19 22:18:12 UTC
php please advise. php please advise. php please advise. php please advise. JFYI: This bug has been fixed in >=php-5.2.3 (see http://www.php.net/releases/5_2_3.php); this version of php is only available in the php overlay atm. php, what's the status here? Same as with http://bugs.gentoo.org/180556 -- will be fixed once >=php-5.2.3-r2 from the overlay gets merged into the tree. afaict php-5.2.3-r3 seems stable on all security supported arches, so ready for glsa. maybe we could mention this issue as part of the GD draft. security, please comment. GLSA 200710-02, sorry for the delay. |