gimp (2.6.8-2ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed .fit file header
    - debian/patches/10_CVE-2012-3236.patch: check for valid XTENSION
      header in plug-ins/file-fits/fits-io.c.
    - CVE-2012-3236
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted KiSS palette file
    - debian/patches/11_CVE-2012-3403.patch: validate return codes and
      header data in plug-ins/common/file-cel.c.
    - CVE-2012-3403
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted GIF image file
    - debian/patches/12_CVE-2012-3481.patch: validate sizes, and prevent
      overflows in plug-ins/common/file-gif-load.c.
    - CVE-2012-3481
 -- Marc Deslauriers <email address hidden>   Wed, 05 Sep 2012 15:53:06 -0400

Marc Deslauriers on 2012-09-05
Ubuntu Desktop
Low Urgency

File Size SHA-256 Checksum
gimp_2.6.8.orig.tar.bz2 15.6 MiB d5d4218b742390157fca23a9d2cce436904546a2ea419ffeb44a5f43c99a3332
gimp_2.6.8-2ubuntu1.5.debian.tar.gz 50.0 KiB ed848fba2b7197448c6342072777eddfe8b9bd641308796ff23efd5195249a28
gimp_2.6.8-2ubuntu1.5.dsc 2.7 KiB b744fa9a676ef6faf741648d0ac15b2f973e8237ca65dfe6f0cc193b4741e83d

Binary packages built by this source

gimp: The GNU Image Manipulation Program

 GIMP lets you draw, paint, edit images, and much more! GIMP
 includes the functionality and plug-ins of other famous image
 editing and processing programs.
 If you'd like to be able to open files remotely (like over HTTP or FTP),
 install the gvfs-backends package.
 If you'd like to use a MIDI device as an input controller in GIMP,
 install libasound2 and read the how-to at /usr/share/doc/gimp/README.MIDI
 If you'd like to be able to read and write PostScript files from GIMP,
 install the ghostscript package.

gimp-data: Data files for GIMP

 This package contains architecture-independent supporting data files
 for use with GIMP.

gimp-dbg: Debugging symbols for GIMP

 This package includes the debugging symbols useful for debugging
 GIMP and its libraries, contained in the gimp and libgimp2.0 packages.
 The debugging symbols are used for execution tracing and core dump

libgimp2.0: Libraries for the GNU Image Manipulation Program

 This package includes the libgimp libraries, which are
 necessary to run GIMP and third-party GIMP plugins.

libgimp2.0-dev: Headers and other files for compiling plugins for GIMP

 This package contains the header files for the GNU Image Manipulation
 Program, along with the static versions of libgimp.
 It also includes the gimptool-2.0 utility.
 Install this package if you wish to compile your own plugins,
 or if you wish to develop packages that use libgimp.

libgimp2.0-doc: Developers' Documentation for the GIMP library

 This package contains the HTML documentation for the GIMP library in
 /usr/share/gtk-doc/html/ .