The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain
colorsTotal structure member, which might allow remote attackers to
conduct buffer overflow or buffer over-read attacks via a crafted GD
file, a different vulnerability than CVE-2009-3293. NOTE: some of
these details are obtained from third party information.
Maintainers, please provide a fixed ebuild.
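The class of bug described above, as an added illustration that is not libgd's or PHP's code: a palette count read from the file has to be checked against the fixed table size before it is used as a loop bound, and against the remaining input length before anything is copied. The struct, `parse_palette`, the two-byte count layout and the sample byte strings are assumptions constructed for this example; `MAX_COLORS` stands in for the role of libgd's `gdMaxColors`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLORS 256              /* fixed palette capacity */

struct pal_image {                  /* hypothetical struct, not libgd's gdImage */
    int colors_total;
    int open[MAX_COLORS];           /* 1 = palette slot unused */
    uint8_t rgb[MAX_COLORS][3];
};

/* Assumed layout: 2-byte big-endian colorsTotal, then colorsTotal RGB triples.
 * Returns 0 on success, -1 if the count or the length is inconsistent. */
int parse_palette(const uint8_t *buf, size_t len, struct pal_image *im)
{
    if (len < 2)
        return -1;
    size_t total = ((size_t)buf[0] << 8) | buf[1];

    /* File-controlled count: reject it before it becomes an index bound,
     * otherwise the second loop below writes past open[] and rgb[]. */
    if (total > MAX_COLORS)
        return -1;
    /* Reject truncated input so the copy cannot read past the end of buf. */
    if (len - 2 < total * 3)
        return -1;

    memset(im, 0, sizeof *im);
    im->colors_total = (int)total;
    for (size_t i = 0; i < MAX_COLORS; i++)
        im->open[i] = 1;
    for (size_t i = 0; i < total; i++) {
        memcpy(im->rgb[i], buf + 2 + i * 3, 3);
        im->open[i] = 0;
    }
    return 0;
}

/* Constructed inputs: valid 2-colour palette, count of 257, truncated file. */
const uint8_t ok_file[]    = {0x00, 0x02, 255, 0, 0, 0, 0, 255};
const uint8_t big_file[]   = {0x01, 0x01, 1, 2, 3};
const uint8_t short_file[] = {0x00, 0x02, 255, 0, 0};
struct pal_image img;

int main(void)
{
    printf("ok=%d\n", parse_palette(ok_file, sizeof ok_file, &img));
    printf("oversized=%d\n", parse_palette(big_file, sizeof big_file, &img));
    printf("truncated=%d\n", parse_palette(short_file, sizeof short_file, &img));
    return 0;
}
```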
Created attachment 209726
@mike: any objections to commit these two files?
Created attachment 209727
looks fine to me, thanks
bumped in cvs.
*gd-2.0.35-r1 (09 Nov 2009)
09 Nov 2009; Markus Meier <email@example.com> +gd-2.0.35-r1.ebuild,
revision bump wrt security bug #292130
Arches, please stabilise
target keywords: alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
Stable for HPPA.
GLSA request filed.