[SECURITY] [DLA 189-1] libgd2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libgd2
Version : 2.0.36~rc1~dfsg-5+deb6u1
CVE ID : CVE-2014-2497 CVE-2014-9709
Debian Bug : 744719
Multiple vulnerabilities were discovered in libgd2, a graphics library:
CVE-2014-2497
The gdImageCreateFromXpm() function would try to dereference a NULL
pointer when reading an XPM file with a special color table. This
could allow remote attackers to cause a denial of service (crash) via
crafted XPM files.
CVE-2014-9709
Importing an invalid GIF file using the gdImageCreateFromGif() function
would cause a read buffer overflow that could allow remote attackers to
cause a denial of service (crash) via crafted GIF files.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJVJWRXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHogsQALGpAze4RSAKYvbfeBRNypns
UMiRSXZFKpafPAFDl63sH6cs0p/8PDWsxRBlWlEzHJGy6DiNZvae+eNA5yjvrEGu
outy3yU53aWhe8Utyed32yPSzsanCcQlovpwn+02yx+efSpJqoytxY3VbVjRf9u5
PWSefp3Fc6nurqhzOCWi7R4tC7X4b9NY9X/JOXiWV9ZRHMdYbTFgxsm6ZaXP4Mbq
nMYjsTfv26X7bqntETaHkpOAQn51waoThZtjR46ZcDGdeVFZ7UktmKSdEtJtsPAj
ApSzZFF4+Df48i1uwZvY+wBqT+GevLP9f5jzS4xLN8K4vEB5zIk51cWn0v6jmT/7
D0qy5RzUi1YMzKw51m9TPujAlEM2w+sXoCQABbeLJfIC8xhNCWccTBJuegSWBvT+
L5jBpiKW9thks8TcFBHI+krCZH+J0q+yVgBMKas22n83a+y7Q2IHzPMbZjLYNDbO
yMAbSA1nUftwBog7Xliv5uKxII82Q+q6A+y2z4MbJ21rpWm28qLBiqmYWJfMSo/v
bSio5m8K6H1/gV6OCA9kF83vBydEqLzwo1zya3BciCLo6VS6WkFHnvX4PdDy3ttU
qTkknHFGnmjnj9J9GT3eFwWGaWm0iCHPEt8uApSxDiyWcNzlvWD8V1YrUKckZ5xl
cnVmjM/mYe1fdK9sBK6I
=ZCCT
-----END PGP SIGNATURE-----
Reply to: