libgd fixed some issues in the git repositories:

1/ Fix potential unsigned underflow
Commit: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35

2/ Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Commit: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f

3/ Fix #354: Signed Integer Overflow gd_io.c
Commit: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Issue: https://github.com/libgd/libgd/issues/354

CVE-2016-9317 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9317): The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVE-2016-6912 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6912): Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
All reported vulnerabilities are fixed in v2.2.4.

@ Maintainer(s): Please bump to >=media-libs/gd-2.2.4!
commit 042f9437ac162678af09cec7b4a1c83b5f84dd96
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Mon Jan 30 23:04:34 2017

media-libs/gd: Security bump to version 2.2.4 (bug #607718).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

FYI, two more tests fail in version 2.2.4 (5) compared to 2.2.3 (3).
Test failures due to newer freetype version. Nothing critical, see https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143

@ Arches, please test and mark stable: =media-libs/gd-2.2.4
Stable for PPC64.
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
arm stable
sparc stable
ia64 stable
Stable on alpha.
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop =media-libs/gd-2.2.3!
commit 8a80444cd043c2ecde4b58f24e977dc7c4077aac
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Mon Mar 13 13:55:51 2017

media-libs/gd: Security cleanup (bug #607718).

Package-Manager: Portage-2.3.4, Repoman-2.3.2
Repository is clean, all done.