GD 2.40 Deleted
Security Advisories
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
- https://nvd.nist.gov/vuln/detail/CVE-2019-6977
- https://bugs.php.net/bug.php?id=77270
- http://php.net/ChangeLog-7.php
- http://php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/106731
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://www.debian.org/security/2019/dsa-4384
- https://usn.ubuntu.com/3900-1/
- https://security.netapp.com/advisory/ntap-20190315-0003/
- https://security.gentoo.org/glsa/201903-18
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
- http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html
- https://www.exploit-db.com/exploits/46677/
- https://access.redhat.com/errata/RHSA-2019:2519
- https://access.redhat.com/errata/RHSA-2019:3299
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
Fixed version: >=2.72
Severity: high
Reported: 2019-01-27
Kwalitee Issues
- meta_yml_conforms_to_known_spec
-
Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.
Error: License '<undef>' is invalid (license) [Validation: 1.3];Missing mandatory field, 'license' (license) [Validation: 1.3]
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: GD-2.40/GD.pm -- Around line 463: You forgot a '=back' before '=head1' Around line 475: '=item' outside of any '=over'
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: GD, GD::Group, GD::Polygon, GD::Polyline, GD::Simple
- consistent_version
-
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.2,1,2.40
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.