libgd-2.1.1 was released Wed 14 January 2015 and contains a lot of bugfixes. https://github.com/libgd/libgd/blob/master/ChangeLog According to https://bugzilla.redhat.com/show_bug.cgi?id=1076676#c33 there's important fixes in the 2.1.1 release. Some bugfixes seems to be security related by reading the ChangeLog. I propose to upgrade libgd-2.1.0 to libgd-2.1.1 for mga5. The 2.1.1 version is already in svn but needs someobne to submit it. I will take care of rebuilding the packages linking to the libgd library as a precaution. Reproducible: Steps to Reproduce:
Just in case you didn't see my response on the mailing list, repeating it here: I have no objection to this, I just wanted to say a few things: - there is a security-related fix in 2.1.1, but I already added the patch - Fedora's comment is irrelevant, they added a bad patch, but I had the good upstream one all along that they eventually switched to - that fix came from a PHP bug. We also have another patch from a PHP bug in the package. Why has that one not gone upstream? - speaking of that patch, you didn't need to rename it since it didn't change, and you should use svn mv if you do rename a patch
CC: (none) => luigiwalser
For reference. All patches applied to libgd-2.1.0-8.mga5.src.rpm has been applied upstream to the 2.1.1 version or is redundant except the libgd-2.1.1-phpbug65070.diff patch that got rediffed.
Fixed in libgd-2.1.1-1.mga5.
Status: NEW => RESOLVEDResolution: (none) => FIXED