libgd2 (2.1.1-4ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix Coverity warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers Tue, 28 Feb 2017 10:29:32 -0500

libgd2 (2.1.1-4ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers Tue, 18 Oct 2016 14:16:31 +0200

libgd2 (2.1.1-4ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers Tue, 09 Aug 2016 09:38:28 -0400

libgd2 (2.1.1-4ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt,
      tests/Makefile.am, tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers Fri, 08 Jul 2016 14:22:56 -0400

libgd2 (2.1.1-4ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers Thu, 26 May 2016 09:22:19 -0400

libgd2 (2.1.1-4build2) xenial; urgency=medium

  * Rebuild against libvpx3.

 -- Colin Watson Thu, 07 Jan 2016 00:57:20 +0000

libgd2 (2.1.1-4build1) wily; urgency=medium

  * No-change rebuild against new libvpx

 -- Iain Lane Fri, 24 Jul 2015 17:58:20 +0100

libgd2 (2.1.1-4) unstable; urgency=medium

  * Fix xmp vs xpm typo in Provides (Closes: #791435)

 -- Ondřej Surý Tue, 07 Jul 2015 13:09:26 +0200

libgd2 (2.1.1-3) unstable; urgency=medium

  * Add libgd-{no,}xmp-dev to libgd-dev Provides to fix FTBFS in packages
    still depending on old name (Closes: #791435). Thanks Mattia Rizzolo
    for catching this early.

 -- Ondřej Surý Tue, 07 Jul 2015 08:59:00 +0200

libgd2 (2.1.1-2) unstable; urgency=medium

  * Drop libgd2-{xpm,noxmp}-dev dummy packages

 -- Ondřej Surý Mon, 29 Jun 2015 13:38:39 +0200

# For older changelog entries, run 'apt-get changelog libgd3'