--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/190_php_18857741.patch Thu Feb 12 10:14:29 2015 -0800
@@ -0,0 +1,31 @@
+Fix for CVE-2014-2497
+Patch:
+http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
+index 73f86e5..b69414e 100644
+--- a/ext/gd/libgd/gdxpm.c
++++ b/ext/gd/libgd/gdxpm.c
+@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
+ if (ret != XpmSuccess) {
+ return 0;
+ }
++ number = image.ncolors;
++ for(i = 0; i < number; i++) {
++ if (!image.colorTable[i].c_color) {
++ goto done;
++ }
++ }
+
+ if (!(im = gdImageCreate(image.width, image.height))) {
+ goto done;
+ }
+
+- number = image.ncolors;
+ colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ for (i = 0; i < number; i++) {
+ switch (strlen (image.colorTable[i].c_color)) {