1
PublicDateAtUSN: 2016-06-30
2
Candidate: CVE-2016-6132
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132
6
http://www.openwall.com/lists/oss-security/2016/06/30
7
https://usn.ubuntu.com/usn/usn-3060-1
9
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd)
10
before 2.2.3 allows remote attackers to cause a denial of service
11
(out-of-bounds read) via a crafted TGA file.
14
mdeslaur> php uses the system libgd2
16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829694
17
https://github.com/libgd/libgd/issues/247
23
upstream: https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d (247)
24
upstream: https://github.com/libgd/libgd/commit/0878ffde554d6094a357fc1e118321d2e9712d34 (247 tests)
25
upstream: https://github.com/libgd/libgd/commit/981060efd6415ed9a08a6aa343e6e195bf65fb47 (248)
26
upstream: https://github.com/libgd/libgd/commit/bd0b820b8647feefcace20ae13856f6028c6a4dd (248 tests)
27
upstream: https://github.com/libgd/libgd/commit/ff0234f4da6d1116c0baa66eebd8497526f7a5d9 (248 better)
28
upstream: https://github.com/libgd/libgd/commit/4d8f54bd0bcede37138db29e371611f334092fc2 (248 more tests)
29
upstream_libgd2: needs-triage
30
precise_libgd2: not-affected (code not present)
31
trusty_libgd2: released (2.1.0-3ubuntu0.3)
32
vivid/stable-phone-overlay_libgd2: DNE
33
vivid/ubuntu-core_libgd2: DNE
34
wily_libgd2: ignored (reached end-of-life)
35
xenial_libgd2: released (2.1.1-4ubuntu0.16.04.3)
36
devel_libgd2: released (2.2.1-1ubuntu3)
39
upstream_php5: needs-triage
40
precise_php5: not-affected (uses system gd)
41
trusty_php5: not-affected (uses system gd)
42
vivid/ubuntu-core_php5: DNE
43
vivid/stable-phone-overlay_php5: DNE
44
wily_php5: not-affected (uses system gd)
49
upstream_php7.0: needs-triage
52
vivid/ubuntu-core_php7.0: DNE
53
vivid/stable-phone-overlay_php7.0: DNE
55
xenial_php7.0: not-affected (uses system gd)
56
devel_php7.0: not-affected (uses system gd)