Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-2756

Source

Debian Bug report logs - #425584
libgd2: Infinite loop in PNG loader.

Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>;

Reported by: pierre.php@gmail.com

Date: Tue, 22 May 2007 16:45:01 UTC

Severity: important

Tags: security

Merged with 426100

Found in version 2.0.33

Fixed in version 2.0.36~rc1~dfsg-1

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#425584; Package libgd2. (full text, mbox, link).

Acknowledgement sent to "Pierre A. Joye" <pierre@bugs.libgd.org>:
New Bug report received and forwarded. Copy sent to Jonas Smedegaard <dr@jones.dk>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: libgd2
Version: 2.0.33
Severity: normal


See cve-2007-2756 and/or http://bugs.libgd.org/?do=details&task_id=86
Patch to fix this issue:
http://pierre.libgd.org/debian/cve-2007-2756_patch.txt (already applied
in gd cvs and php-gd cvs in cvs.php.net)

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33grs-bipiv-ipv4-32
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages libgd2 depends on:
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libfreetype6          2.1.7-6            FreeType 2 font engine, shared lib
ii  libjpeg62             6b-10              The Independent JPEG Group's JPEG 
ii  libpng2               1.0.18-1           PNG library, older version - runti
pn  xlibs                                    Not found.
ii  zlib1g                1:1.2.2-4.sarge.2  compression library - runtime

Owner recorded as pierre.php@gmail.com. Request was from sean finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 23 May 2007 19:12:06 GMT) (full text, mbox, link).

Changed Bug submitter from "Pierre A. Joye" <pierre@bugs.libgd.org> to pierre.php@gmail.com. Request was from sean finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 23 May 2007 19:15:02 GMT) (full text, mbox, link).

Removed annotation that Bug was owned by pierre.php@gmail.com. Request was from sean finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 23 May 2007 19:15:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#425584; Package libgd2. (full text, mbox, link).

Acknowledgement sent to sean finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>. (full text, mbox, link).

Message #16 received at 425584@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

hi,

i previously emailed jonas tonight with a patch that can be used to 
incorporate fixes for the above bugs in etch.  for posterity, here it is.  i 
hear there are going to be a few more security issues surfacing in the near 
future, so i won't be sending this to the security team yet, but if i haven't 
heard a request not to do so i will probably do so after the other issues are 
dealt with.


	sean

[libgd2_2.0.33-5.2etch4.interdiff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Forcibly Merged 425584 426100. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Sun, 12 Aug 2007 22:33:02 GMT) (full text, mbox, link).

Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Fri, 12 Apr 2013 06:36:12 GMT) (full text, mbox, link).

Notification sent to pierre.php@gmail.com:
Bug acknowledged by developer. (Fri, 12 Apr 2013 06:36:12 GMT) (full text, mbox, link).

Message #23 received at 425584-done@bugs.debian.org (full text, mbox, reply):

Version: 2.0.36~rc1~dfsg-1

--
Ondřej Surý <ondrej@sury.org>

Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Fri, 12 Apr 2013 06:36:13 GMT) (full text, mbox, link).

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. (Fri, 12 Apr 2013 06:36:13 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 May 2013 07:25:55 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:19:51 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

libgd2: Infinite loop in PNG loader.

Debian Bug report logs - #425584
libgd2: Infinite loop in PNG loader.

Vulmon Search

About

Products

Connect

libgd2: Infinite loop in PNG loader.

Debian Bug report logs - #425584 libgd2: Infinite loop in PNG loader.

Vulmon Search

About

Products

Connect

Debian Bug report logs - #425584
libgd2: Infinite loop in PNG loader.