Debian Bug report logs -
#552534
libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files
Reported by: Raphael Geissert <geissert@debian.org>
Date: Tue, 27 Oct 2009 10:12:02 UTC
Severity: grave
Tags: security
Found in version libgd2/2.0.36~rc1~dfsg-3
Fixed in versions libgd2/2.0.36~rc1~dfsg-3.1, libgd2/2.0.36~rc1~dfsg-3+lenny1, libgd2/2.0.33-5.2etch4
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#552534; Package src:libgd2.
(Tue, 27 Oct 2009 10:12:05 GMT) (full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libgd2
Version: 2.0.36~rc1~dfsg-3
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libgd2.
CVE-2009-3546[0]:
| The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
| GD Graphics Library 2.x, does not properly verify a certain
| colorsTotal structure member, which might allow remote attackers to
| conduct buffer overflow or buffer over-read attacks via a crafted GD
| file, a different vulnerability than CVE-2009-3293. NOTE: some of
| these details are obtained from third party information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
http://security-tracker.debian.org/tracker/CVE-2009-3546
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Information forwarded
to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#552534; Package src:libgd2.
(Mon, 09 Nov 2009 20:48:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to GD team <pkg-gd-devel@lists.alioth.debian.org>.
(Mon, 09 Nov 2009 20:48:07 GMT) (full text, mbox, link).
Message #8 received at 552534@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Attached is a debdiff of the changes I made for 2.0.36~rc1~dfsg-3.1 0-day NMU.
Cheers,
Giuseppe
[libgd2_2.0.36~rc1~dfsg-3.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Mon, 09 Nov 2009 21:39:06 GMT) (full text, mbox, link).
Notification sent
to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer.
(Mon, 09 Nov 2009 21:39:06 GMT) (full text, mbox, link).
Message #13 received at 552534-close@bugs.debian.org (full text, mbox, reply):
Source: libgd2
Source-Version: 2.0.36~rc1~dfsg-3.1
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive:
libgd-tools_2.0.36~rc1~dfsg-3.1_i386.deb
to main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3.1_i386.deb
libgd2-noxpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
to main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
libgd2-noxpm_2.0.36~rc1~dfsg-3.1_i386.deb
to main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3.1_i386.deb
libgd2-xpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
to main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
libgd2-xpm_2.0.36~rc1~dfsg-3.1_i386.deb
to main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3.1_i386.deb
libgd2_2.0.36~rc1~dfsg-3.1.diff.gz
to main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3.1.diff.gz
libgd2_2.0.36~rc1~dfsg-3.1.dsc
to main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 09 Nov 2009 21:19:11 +0100
Source: libgd2
Binary: libgd-tools libgd2-xpm-dev libgd2-noxpm-dev libgd2-xpm libgd2-noxpm
Architecture: source i386
Version: 2.0.36~rc1~dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libgd-tools - GD command line tools and example code
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 552534
Changes:
libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
via crafted files (Closes: #552534)
Checksums-Sha1:
19eb59ff82bbd005f701253180024114dc127eb3 1592 libgd2_2.0.36~rc1~dfsg-3.1.dsc
6bb0b2fe50a33bc64dd3a06b473413d9b3b71da4 29104 libgd2_2.0.36~rc1~dfsg-3.1.diff.gz
8e5aa0377a16768e144999160652c2a9611180ae 164508 libgd-tools_2.0.36~rc1~dfsg-3.1_i386.deb
89856737f0e969d54faed99d9571bfcb89629926 358442 libgd2-xpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
2bf80235dd474b530e12af1593af7e1f94b8acb9 356384 libgd2-noxpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
bba8129f31e4eea7eb0d6af7cc8c0a5ef09f97fc 222442 libgd2-xpm_2.0.36~rc1~dfsg-3.1_i386.deb
a055bb8a002f007791c24dd759070a9ec71db6f2 220700 libgd2-noxpm_2.0.36~rc1~dfsg-3.1_i386.deb
Checksums-Sha256:
12cff083a2298d7587749a7c06e1613eb3d4be829e055a3c9558fe472de25527 1592 libgd2_2.0.36~rc1~dfsg-3.1.dsc
9e71012f64e0624e3a8a4d8220d1d61c97b70df27e0e4fdf0f946291493950b9 29104 libgd2_2.0.36~rc1~dfsg-3.1.diff.gz
7d29c74769252068931042037c4e093b792e625bf4db357cc3b8f3add862b280 164508 libgd-tools_2.0.36~rc1~dfsg-3.1_i386.deb
2fd2902d20de90625d9e1160e3228beb16f7c61cf123b53548b0fa8f0e93c911 358442 libgd2-xpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
ac194c8af3c322c8e3f12004dd7f3039fc47ceb80c4c506f8a6f31b69ff7526c 356384 libgd2-noxpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
2e2adbae4bfac4b62d384962801fb1e8332c9c12adaf23221c4f9db21061d765 222442 libgd2-xpm_2.0.36~rc1~dfsg-3.1_i386.deb
98aa03b730274d6f7dc2f0e73209c12149dbc618ca2127cf5245e8314073c96e 220700 libgd2-noxpm_2.0.36~rc1~dfsg-3.1_i386.deb
Files:
dc598e56ecbdc05db936111a96c5b40f 1592 graphics optional libgd2_2.0.36~rc1~dfsg-3.1.dsc
83c33309cf42f4b3cf00bbef9915b747 29104 graphics optional libgd2_2.0.36~rc1~dfsg-3.1.diff.gz
b53e8db0a8e8942e026d82241b090a72 164508 graphics optional libgd-tools_2.0.36~rc1~dfsg-3.1_i386.deb
264d2fb78e736d686dca8581be3793e3 358442 libdevel optional libgd2-xpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
73ed45a0688886fc38926c67dd0368ff 356384 libdevel optional libgd2-noxpm-dev_2.0.36~rc1~dfsg-3.1_i386.deb
d4dbdb01a86e870e9aa4e3a9be9fbc94 222442 libs optional libgd2-xpm_2.0.36~rc1~dfsg-3.1_i386.deb
b0fca6d8ff696379ae2351354f40ffc6 220700 libs optional libgd2-noxpm_2.0.36~rc1~dfsg-3.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr4faMACgkQNxpp46476aqIRgCcD/UxE1Ym6N8ZrJEnRRCa8o7t
CX4AoJGCTQQz7fgBeLcMkOab2wsjV93N
=7xfW
-----END PGP SIGNATURE-----
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Sat, 05 Dec 2009 21:24:08 GMT) (full text, mbox, link).
Notification sent
to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer.
(Sat, 05 Dec 2009 21:24:09 GMT) (full text, mbox, link).
Message #18 received at 552534-close@bugs.debian.org (full text, mbox, reply):
Source: libgd2
Source-Version: 2.0.36~rc1~dfsg-3+lenny1
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive:
libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
to main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
to main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
to main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
to main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
to main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
to main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
to main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 09 Nov 2009 21:46:06 +0100
Source: libgd2
Binary: libgd-tools libgd2-xpm-dev libgd2-noxpm-dev libgd2-xpm libgd2-noxpm
Architecture: source i386
Version: 2.0.36~rc1~dfsg-3+lenny1
Distribution: stable-security
Urgency: high
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libgd-tools - GD command line tools and example code
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 552534
Changes:
libgd2 (2.0.36~rc1~dfsg-3+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
via crafted files (Closes: #552534)
Checksums-Sha1:
b304076e9dc66bb1c483c5053ca9dabe0cc7b59a 1612 libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
e93c43f3c2283c6fe09793ac06a4a106374e0cb3 761899 libgd2_2.0.36~rc1~dfsg.orig.tar.gz
1dbaca4148dda1fd4e5b04b25bfcc0c4d31c954b 29122 libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
8322a46c9db5cbd8e393a295cd21081acdf249f4 164292 libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
0eabed6cf9ef00d24f62c6f9b1ff141ba70bfa7f 358974 libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
8b69116523ccbc31bb86fe14f0fad492f62db49a 356634 libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
745d8e1f9d3f5d595855f5fba94f5cf75c12ed28 222606 libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
c0975cfc501d94f39fb287c23ea13360ffe21783 220836 libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
Checksums-Sha256:
6b728d921082dc0efadc1040cc696780fe39204ea2815a43bcb6ed14fbcabd59 1612 libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
919df21310ad4a8b6155df01411138110589cc6c50b1bc414dc62aebb0a7f41a 761899 libgd2_2.0.36~rc1~dfsg.orig.tar.gz
402d759a1c2206e90c020cbf41772d698b0939b66840db02bbdb9754f41bbdab 29122 libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
941251938f949b045ecbd69361a7652031b338c82647cd3c573d17bbc7e16ce4 164292 libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
26757caf8f27caa834202e8f4a7073eb4cade81a1570ce28d85a78e27d87a223 358974 libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
10bc73ddbee03658c9838285e80ace656f8a731851b415f7f1fbd33838e7ef6d 356634 libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
02da0effba81c872e0868d3a42a163dd923e68a6a17930d226d927906ca4a9f0 222606 libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
5b8a16d4e924577c860596aad9cbf3fe214b016541686d4d9b287baad0a78b7f 220836 libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
Files:
861ee81768001cad3679f7e6b4c16268 1612 graphics optional libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
0f4d2fa45627af0e87fcb74f653b66dd 761899 graphics optional libgd2_2.0.36~rc1~dfsg.orig.tar.gz
ba98bcc559da7cfaf6af0269e6d6c973 29122 graphics optional libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
877bc158847f598be3175fcf1caca555 164292 graphics optional libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
797889cfec6a71fbc8dea99014a22d5d 358974 libdevel optional libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
8687049dc7503710e7b9798818ec10a0 356634 libdevel optional libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
640114552f4d79220a99ed754bc8b149 222606 libs optional libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
7fe4a8f4404f923bb3c2753c8801b945 220836 libs optional libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr5NTkACgkQNxpp46476aqXXQCglkGCEvrYDFgZn/+Yu7i+j4Oc
CMgAnAjkgnjqjtccm3Da2XtyrbBxnyER
=di+e
-----END PGP SIGNATURE-----
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Sat, 05 Dec 2009 22:18:05 GMT) (full text, mbox, link).
Notification sent
to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer.
(Sat, 05 Dec 2009 22:18:05 GMT) (full text, mbox, link).
Message #23 received at 552534-close@bugs.debian.org (full text, mbox, reply):
Source: libgd2
Source-Version: 2.0.33-5.2etch4
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive:
libgd-tools_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd-tools_2.0.33-5.2etch4_i386.deb
libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-noxpm_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch4_i386.deb
libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-xpm_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch4_i386.deb
libgd2_2.0.33-5.2etch4.diff.gz
to main/libg/libgd2/libgd2_2.0.33-5.2etch4.diff.gz
libgd2_2.0.33-5.2etch4.dsc
to main/libg/libgd2/libgd2_2.0.33-5.2etch4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552534@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 10 Nov 2009 10:15:53 +0100
Source: libgd2
Binary: libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2-xpm-dev libgd-tools
Architecture: source i386
Version: 2.0.33-5.2etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libgd-tools - GD command line tools and example code
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 408982 552534
Changes:
libgd2 (2.0.33-5.2etch4) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
via crafted files (Closes: #552534)
* Fixed CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in
gdft.c (Closes: #408982)
Files:
c143f788dec8bc93ba7d80532600e09c 988 libs optional libgd2_2.0.33-5.2etch4.dsc
d2f4b2221cb0e05063f85157711638c7 301479 libs optional libgd2_2.0.33-5.2etch4.diff.gz
be7a5db664baec27428b8092acd942a9 143160 graphics optional libgd-tools_2.0.33-5.2etch4_i386.deb
c6374428f8f2fc3c56cca141fda12267 335496 libdevel optional libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
16b228575857c08de542a1679bcde839 333956 libdevel optional libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
faa4e27f258d87a2d6716a1c7522ae96 198922 libs optional libgd2-xpm_2.0.33-5.2etch4_i386.deb
70de99f091a5ca73c3a9e14735a7f715 197048 libs optional libgd2-noxpm_2.0.33-5.2etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr5MsYACgkQNxpp46476aqq6wCaAl5wT78dAZwx3hpBD7SrY2pJ
IuoAnA4gD0PWKDsmW3xLehwzm9CMT+Iz
=FrTS
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 03 Jan 2010 07:29:30 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:08:49 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon