New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update gdImage*Ptr() functions for possible Double free bugs #492

Closed
y3noor opened this Issue Jan 15, 2019 · 6 comments

Comments

Projects
None yet
4 participants
@y3noor
Copy link

y3noor commented Jan 15, 2019

Hi, please commit the patch file.

@vapier

This comment has been minimized.

Copy link
Member

vapier commented Jan 17, 2019

you haven't attached any patches or linked to any bugs/patches/websites. so what are you asking for ?

@y3noor

This comment has been minimized.

Copy link
Author

y3noor commented Jan 17, 2019

Hi, the patch file has been sent to mailing list mounts ago and here I added.

https://0bin.asis.io/paste/+yPxFkcF#GHj3EaZckDwD-+d6k/fr3uwpzGg3yBD1jElc5FJiyXE

@y3noor y3noor closed this Jan 17, 2019

@y3noor y3noor reopened this Jan 17, 2019

@vapier

This comment has been minimized.

Copy link
Member

vapier commented Jan 17, 2019

if you have a patch you want to merge, please send a PR. we don't use random pastebin websites.

@y3noor

This comment has been minimized.

Copy link
Author

y3noor commented Jan 17, 2019

@cmb69 cmb69 closed this in 5537029 Jan 17, 2019

@cmb69

This comment has been minimized.

Copy link
Contributor

cmb69 commented Jan 17, 2019

@vapier We need to release 2.2.6 or 2.3.0 (I believe there are a few more sec fixes pending) – could you do this soon?

php-pulls pushed a commit to php/php-src that referenced this issue Jan 19, 2019

Sync with upstream
Even though libgd/libgd#492 is not a relevant bug fix for PHP, since
the binding doesn't use the `gdImage*Ptr()` functions at all, we're
porting the fix to stay in sync here.
@carnil

This comment has been minimized.

Copy link

carnil commented Jan 28, 2019

This issue has been assigned CVE-2019-6978.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment