Package: plt-scheme
Version: 4.0.1-2
Severity: important
Tags: security

plt-scheme embeds a vulnerable version of libgd 2.x and appears to have the following present: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546. I have looked at gd_gd.c and it appears the following patch has not been applied: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557. There might be other CVEs which are relevant, but I have not investigated further.
Ideally, plt-scheme could use the system-wide gd library and not link in the embedded copy.