package/gd: security bump to version 2.3.3 (a052ecb5) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit a052ecb5 authored Sep 13, 2021 by Fabrice Fontaine Committed by Peter Korsgaard Sep 14, 2021

package/gd: security bump to version 2.3.3

- Fix CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD
  Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE:
  the vendor's position is "The GD2 image format is a proprietary image
  format of libgd. It has to be regarded as being obsolete, and should
  only be used for development and testing purposes."
- Drop patch (already in version)
- Update hash of COPYING (duplicate merged and title added with
  https://github.com/libgd/libgd/commit/82d260950589563a1af9c56f4ce5fde843a695ae
  https://github.com/libgd/libgd/commit/6013c7bcf6eb795dba584f92d3824ebd3ae60202)

https://github.com/libgd/libgd/releases/tag/gd-2.3.3



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 0e5a901d

Hide whitespace changes

Inline Side-by-side

Please register or to comment