aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Gustavo Zacarias <gustavo@zacarias.com.ar>2017-01-19 10:44:51 -0300
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-01-20 15:59:24 +0100
commit3f72645e89ddebe19b69e7396965770cfd27bb65 (patch)
tree86fc4ad9060b8699b043d8fe43092f5ad049bd74
parentfc4e332ec7b1d180298b24c01ae1fc495362b0bb (diff)
downloadbuildroot-3f72645e89ddebe19b69e7396965770cfd27bb65.tar.gz
buildroot-3f72645e89ddebe19b69e7396965770cfd27bb65.tar.bz2
gd: security bump to version 2.2.4
Fixes: CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. CVE-2016-6912 - double-free in gdImageWebPtr() (without CVE): Potential unsigned underflow in gd_interpolation.c DOS vulnerability in gdImageCreateFromGd2Ctx() Signed Integer Overflow gd_io.c Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 39885cc5b0c6ff175fe3a115231bc2428840e7b7)
-rw-r--r--package/gd/gd.hash2
-rw-r--r--package/gd/gd.mk2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/gd/gd.hash b/package/gd/gd.hash
index eb3da4274d..a1991b1820 100644
--- a/package/gd/gd.hash
+++ b/package/gd/gd.hash
@@ -1,2 +1,2 @@
# Locally calculated
-sha256 746b6cbd6769a22ff3ba6f5756f3512a769bd4cdf4695dff17f4867f25fa7d3c libgd-2.2.3.tar.xz
+sha256 137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6 libgd-2.2.4.tar.xz
diff --git a/package/gd/gd.mk b/package/gd/gd.mk
index 0777bdb129..63d16eb3ca 100644
--- a/package/gd/gd.mk
+++ b/package/gd/gd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GD_VERSION = 2.2.3
+GD_VERSION = 2.2.4
GD_SOURCE = libgd-$(GD_VERSION).tar.xz
GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
GD_INSTALL_STAGING = YES