Debian Patches
Status for libgd-perl/2.84-3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| pkgconfig-multiarch.patch | Tell Makefile.PL where to find .pc file | gregor herrmann <gregoa@debian.org> | not-needed | vendor | 2026-01-24 | |
| Fix-CVE-2026-11526-command-injection-via-2-arg-open-.patch | Fix CVE-2026-11526: command injection via 2-arg open() in _make_filehandle Replace 2-arg open() with 3-arg open() so filenames beginning or ending with shell-magic prefixes (|, >) are always treated as literal pathnames rather than being interpreted as commands or redirects. CWE-78 (OS command injection, the pipe form) CWE-73 (external control of file name or path, the redirect form) |
Paul Johnson <paul@pjcj.net> | no | https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210 | 2026-06-08 |