UbuntuUpdates.org

Package "gimp-dbg"

Name: gimp-dbg

Description:

Debugging symbols for GIMP

Latest version: 2.8.10-0ubuntu1.2
Release: trusty (14.04)
Level: updates
Repository: main
Head package: gimp
Homepage: http://www.gimp.org/



Other versions of "gimp-dbg" in Trusty

Repository  Area  Version
base        main  2.8.10-0ubuntu1
security    main  2.8.10-0ubuntu1.2

Changelog

Version: 2.8.10-0ubuntu1.2 2018-01-22 21:07:02 UTC

  gimp (2.8.10-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer over-read in load_image file-gbr.c
    - debian/patches/CVE-2017-17784.patch: fix in plug-ins/common/file-gbr.c.
    - CVE-2017-17784
  * SECURITY UPDATE: Heap-based buffer overflow in fli_read_brun function
    - debian/patches/CVE-2017-17785.patch: fix in plug-ins/file-fli/fli.c.
    - CVE-2017-17785
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2017-17786.patch: fix in plug-ins/common/file-tga.c.
    - CVE-2017-17786
  * SECURITY UPDATE: Heap-based buffer over-read in read_creator_block
    - debian/patches/CVE-2017-17787.patch: fix in plug-ins/common/file-psp.c.
    - CVE-2017-17787
  * SECURITY UPDATE: Stack-based buffer over-read in xcf_load_stream
    - debian/patches/CVE-2017-17788.patch: fix in app/xcf/xcf.c.
    - CVE-2017-17788
  * SECURITY UPDATE: Heap-based buffer overflow in read_channel_data
    - debian/patches/CVE-2017-17789.patch: fix in plug-ins/common/file-psp.c.
    - CVE-2017-17789

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 13:03:13 -0300

CVE-2017-17784 In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling o
CVE-2017-17785 In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
CVE-2017-17786 In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-
CVE-2017-17787 In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
CVE-2017-17788 In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
CVE-2017-17789 In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

Version: 2.8.10-0ubuntu1.1 2016-07-05 20:06:29 UTC

  gimp (2.8.10-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple issues in XCF channel and layer properties
    - debian/patches/CVE-2016-4994.patch: properly clear pointers in
      app/xcf/xcf-load.c.
    - CVE-2016-4994

 -- Marc Deslauriers <email address hidden> Thu, 30 Jun 2016 12:41:29 -0400

CVE-2016-4994 Use-after-free vulnerabilities in the channel and layer properties parsing process


