This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[SECURITY] gd: CVE-2014-2497

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: "cygwin-apps at cygwin dot com" <cygwin-apps at cygwin dot com>
Cc: "dr dot volker dot zell at oracle dot com" <dr dot volker dot zell at oracle dot com>
Date: Mon, 19 Jan 2015 23:38:49 -0600
Subject: [SECURITY] gd: CVE-2014-2497
Authentication-results: sourceware.org; auth=none

Dr. Volker Zell,

A security vulnerability has been made public for gd.  Could you please:

1) port this patch to 2.0.36RC1, for the benefit of those package
currently linked against libgd2:

http://git.php.net/?p=php-src.git;a=patch;h=cf47536

2) AND could you bump gd to 2.1.1, which already includes this fix, from
its new home at http://libgd.bitbucket.org/ so we can move on to the
currently supported code base for future builds?

TIA,

--
Yaakov

Follow-Ups:
- Re: [SECURITY] gd: CVE-2014-2497
  - From: Yaakov Selkowitz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]