This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[SECURITY] gd: CVE-2014-2497
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: "cygwin-apps at cygwin dot com" <cygwin-apps at cygwin dot com>
- Cc: "dr dot volker dot zell at oracle dot com" <dr dot volker dot zell at oracle dot com>
- Date: Mon, 19 Jan 2015 23:38:49 -0600
- Subject: [SECURITY] gd: CVE-2014-2497
- Authentication-results: sourceware.org; auth=none
Dr. Volker Zell,
A security vulnerability has been made public for gd. Could you please:
1) port this patch to 2.0.36RC1, for the benefit of those package
currently linked against libgd2:
http://git.php.net/?p=php-src.git;a=patch;h=cf47536
2) AND could you bump gd to 2.1.1, which already includes this fix, from
its new home at http://libgd.bitbucket.org/ so we can move on to the
currently supported code base for future builds?
TIA,
--
Yaakov