CVE-2018-5711 (https://nvd.nist.gov/vuln/detail/CVE-2018-5711): gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

CVE-2019-6977 (https://nvd.nist.gov/vuln/detail/CVE-2019-6977): gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

CVE-2019-6978 (https://nvd.nist.gov/vuln/detail/CVE-2019-6978): The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c46087add86facfccbc875e0064cbc167775249
sparc done
Looks like security stabilizations are the only stabilizations happening to media-libs/gd, thus I will draw a line in the sand here on test failures and will NOT stabilize this on arm64 before bug 632076 and bug 608730 are fixed.
leio, security vulnerabilities are not the place where you draw the line for stabilizations. You are not hurting anyone other than the arm64 users by not stabilizing security bugs.
x86 stable
The line is where I say it is, as far as my work is concerned. It is my volunteer work, and I am tired of wasting my time on test failures that have been lingering for years.
arm64 stable
amd64 stable
s390 stable
arm stable
This issue was resolved and addressed in GLSA 201903-18 at https://security.gentoo.org/glsa/201903-18 by GLSA coordinator Aaron Bauman (b-man).
re-opened for final arches.
hppa stable
alpha stable
ppc64 stable
ppc stable
ia64 stable. Maintainer(s), please cleanup.
tree is clean