Publishing details

Superseded on 2018-02-25 by gimp - 2.8.20-2
Published on 2018-01-01

Changelog

gimp (2.8.20-1.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Ari Pollak ]
  * Move gimp to Enhances on gimp-data instead of Recommends (Closes: #860766)

  [ Salvatore Bonaccorso ]
  * Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
    (Closes: #884862)
  * plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
  * Heap buffer overflow in PSP importer (CVE-2017-17789) (Closes: #884837)
  * heap overread in gbr parser / load_image (CVE-2017-17784)
    (Closes: #884925)
  * heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
  * Heap overflow while parsing FLI files (CVE-2017-17785) (Closes: #884836)
  * buffer overread in XCF parser if version field has no null terminator
    (CVE-2017-17788) (Closes: #885347)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 26 Dec 2017 22:11:46 +0100

Available diffs

diff from 2.8.20-1 to 2.8.20-1.1 (5.1 KiB)

Builds

Package files

gimp_2.8.20-1.1.debian.tar.xz (44.1 KiB)
gimp_2.8.20-1.1.dsc (3.2 KiB)
gimp_2.8.20.orig.tar.bz2 (19.9 MiB)