From ${URL} :

It was reported [1] that the gdImageCreateFromXpm() function in libgd could dereference a NULL pointer, noting: "The call to strlen() parses image.colorTable[i].c_color which is initialised as NULL if the particular color mapping uses a different key (such as monochrome/monovisual)." This was reported against PHP, which includes an embedded copy of the gd library. CVE-2014-2497 was assigned to this issue [2].

[1] https://bugs.php.net/bug.php?id=66901
[2] http://seclists.org/oss-sec/2014/q1/580

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
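The condition quoted in the report above, as an added illustration that is not libgd or PHP code: a colour line carrying only an "m" key leaves the "c" slot NULL, so the length check has to test the pointer first. ColorEntry, parse_color_line, c_color_len and count_missing_c are hypothetical names, the sample lines are constructed, and colour values are assumed to be single tokens.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for an XPM colour-table entry (hypothetical type):
 * each visual key gets its own slot, NULL when the line lacks that key. */
typedef struct {
    char mbuf[32], cbuf[32];
    const char *m_color;   /* "m" (mono) value, or NULL   */
    const char *c_color;   /* "c" (colour) value, or NULL */
} ColorEntry;

/* Parse "<chars> {<key> <value>}..." with single-token values only. */
static int parse_color_line(const char *line, size_t cpp, ColorEntry *e)
{
    char key[4], val[32];
    int used;
    memset(e, 0, sizeof *e);
    if (strlen(line) < cpp) return -1;
    line += cpp;                              /* skip the pixel characters */
    while (sscanf(line, " %3s %31s%n", key, val, &used) == 2) {
        if (strcmp(key, "c") == 0) { strcpy(e->cbuf, val); e->c_color = e->cbuf; }
        if (strcmp(key, "m") == 0) { strcpy(e->mbuf, val); e->m_color = e->mbuf; }
        line += used;
    }
    return 0;
}

/* Guarded length check: -1 for a missing "c" value, never strlen(NULL). */
static long c_color_len(const ColorEntry *e)
{
    return e->c_color ? (long)strlen(e->c_color) : -1;
}

/* Constructed sample colour lines; the second has only an "m" key. */
static const char *SAMPLE[] = { "a c #FF0000", "b m white", "c m black c #000000" };

static int count_missing_c(const char **lines, int n, size_t cpp)
{
    int missing = 0;
    ColorEntry e;
    for (int i = 0; i < n; i++)
        if (parse_color_line(lines[i], cpp, &e) == 0 && c_color_len(&e) < 0)
            missing++;
    return missing;
}

int main(void)
{
    printf("entries without a c key: %d\n", count_missing_c(SAMPLE, 3, 1));
    return 0;
}
```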
gd-2.1.1 is in the tree now, but will want to give it time to bake
Standard 30 Days, or less?
doing stabilization via bug 538686
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201607-04 at https://security.gentoo.org/glsa/201607-04 by GLSA coordinator Aaron Bauman (b-man).