[Buildroot] [PATCH 1/1] package/gd: security bump to version 2.3.3
Peter Korsgaard
peter at korsgaard.com
Tue Sep 14 12:57:08 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
> Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
> the vendor's position is "The GD2 image format is a proprietary image
> format of libgd. It has to be regarded as being obsolete, and should
> only be used for development and testing purposes."
> - Drop patch (already in version)
> - Update hash of COPYING (duplicate merged and title added with
> https://github.com/libgd/libgd/commit/82d260950589563a1af9c56f4ce5fde843a695ae
> https://github.com/libgd/libgd/commit/6013c7bcf6eb795dba584f92d3824ebd3ae60202)
> https://github.com/libgd/libgd/releases/tag/gd-2.3.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list