UbuntuUpdates.org

Package "gimp-data"

Name: gimp-data

Description:

Data files for GIMP
Latest version: 2.10.34-1ubuntu0.23.04.1
Release: lunar (23.04)
Level: security
Repository: universe
Head package: gimp
Homepage: https://www.gimp.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gimp-data"

All arch deb package
APT INSTALL

Other versions of "gimp-data" in Lunar

Repository Area Version
base universe 2.10.34-1
updates universe 2.10.34-1ubuntu0.23.04.1

Changelog

Version: 2.10.34-1ubuntu0.23.04.1 2023-11-29 14:07:00 UTC

  gimp (2.10.34-1ubuntu0.23.04.1) lunar-security; urgency=medium

  * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44441-1.patch: verify header information in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-2.patch: fix checks in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
      plug-ins/file-dds/ddsread.c.
    - CVE-2023-44441
  * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44442.patch: add missing break statement in
      plug-ins/file-psd/psd-util.c.
    - CVE-2023-44442
  * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One
    - debian/patches/CVE-2023-44443_44444.patch: check
      color_palette_entries and fix buffer size in
      plug-ins/common/file-psp.c.
    - CVE-2023-44443
    - CVE-2023-44444

 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 09:00:59 -0500
CVE-2023-44441 GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44442 GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44443 GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2023-44444 GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability


About   -   Send Feedback to @ubuntu_updates