author | Christoph M. Becker <cmbecker69@gmx.de> | 2016-10-13 11:10:02 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2016-10-13 11:10:02 +0200 |
commit | cc08cbc84d46933c1e9e0149633f1ed5d19e45e9 (patch) | |
tree | 7cb5762821bae03e18ad9a64b5c1ec6a7c75be80 /NEWS | |
parent | 43ccf23d700ae780451e257f5a66d4210f82f026 (diff) | |
download | php-git-cc08cbc84d46933c1e9e0149633f1ed5d19e45e9.tar.gz |
Fix #73280: Stack Buffer Overflow in GD dynamicGetbuf
We make sure to never pass a negative `rlen` as size to memcpy().
Cf. <https://github.com/libgd/libgd/commit/53110871>.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -7,6 +7,7 @@ PHP NEWS . Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()). (cmb) . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb) + . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb) - SOAP: . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol) |
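Review bot: The added `+` line for #73280 is the only change visible here, because the diff is limited to 'NEWS'. The guard the commit message describes (never passing a negative `rlen` as the size to memcpy()) therefore cannot be checked from this hunk. Review the NEWS entry together with the code hunk from the full commit, and confirm there that the non-negative check on `rlen` happens before the memcpy() call and that a regression test for the bug is included. The entry itself is placed in bug-number order after #73279 and follows the wording and "(cmb)" attribution style of the neighbouring lines, so no change is needed to the NEWS text.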