[Buildroot] [PATCH 1/1] package/gd: security bump to version 2.3.3

Peter Korsgaard peter at korsgaard.com
Tue Sep 14 12:57:08 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
 >   Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
 >   the vendor's position is "The GD2 image format is a proprietary image
 >   format of libgd. It has to be regarded as being obsolete, and should
 >   only be used for development and testing purposes."
 > - Drop patch (already in version)
 > - Update hash of COPYING (duplicate merged and title added with
 >   https://github.com/libgd/libgd/commit/82d260950589563a1af9c56f4ce5fde843a695ae
 >   https://github.com/libgd/libgd/commit/6013c7bcf6eb795dba584f92d3824ebd3ae60202)

 > https://github.com/libgd/libgd/releases/tag/gd-2.3.3

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list