[Buildroot] [PATCH] gd: security bump to version 2.2.5

Peter Korsgaard peter at korsgaard.com
Mon Oct 16 21:51:08 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-6362: Double-free in gdImagePngPtr()
 > CVE-2017-7890: Buffer over-read into uninitialized memory

 > Drop patches no more needed:

 > 0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
 > configure

 > 0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
 > https://github.com/libgd/libgd/commit/6913dd3cd2a7c2914ad9622419f9343bfe956135

 > While we're at it, add a hash for the license file.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list