Format: 1.8 Date: Tue, 28 Nov 2023 07:38:10 -0500 Source: gimp Binary: gimp gimp-data libgimp2.0 libgimp2.0-dev libgimp2.0-doc Architecture: all amd64 amd64_translations Version: 2.10.18-1ubuntu0.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gimp - GNU Image Manipulation Program gimp-data - Data files for GIMP libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP libgimp2.0-doc - Developers' Documentation for the GIMP library Launchpad-Bugs-Fixed: 1982422 Changes: gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium . [ Luís Infante da Câmara ] * SECURITY UPDATE: Buffer overflow leading to insufficient memory or program crash via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to the next property when xcf_old_path fails. - CVE-2022-30067 * SECURITY UPDATE: Denial of service via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when loading XCF files. - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when loading XCF files. - debian/patches/CVE-2022-32990-3.patch: Return TRUE in gimp_channel_is_empty when channel is NULL. - CVE-2022-32990 . [ Marc Deslauriers ] * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44441-1.patch: verify header information in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-2.patch: fix checks in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-3.patch: add additional fixes in plug-ins/file-dds/ddsread.c. - CVE-2023-44441 * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44442.patch: add missing break statement in plug-ins/file-psd/psd-util.c. - CVE-2023-44442 * SECURITY UPDATE: PSP File Parsing Off-By-One - debian/patches/CVE-2023-44444.patch: fix buffer size in plug-ins/common/file-psp.c. - CVE-2023-44444 Checksums-Sha1: 832e878fe20eba1fdf1c621dd970442016d0cf82 7322452 gimp-data_2.10.18-1ubuntu0.1_all.deb 0d414a3309d2ff492814b1c05d95af662983ee9a 15214764 gimp-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb d99818bb9afa309245c99604f7b32f7d3a78da2d 23032 gimp_2.10.18-1ubuntu0.1_amd64.buildinfo 90ff8ebb5b583b36939cb2b53b77a2a1f2769f9a 4287584 gimp_2.10.18-1ubuntu0.1_amd64.deb ca3ae5460f310362b0b4fb33f645ee967a41de75 30806415 gimp_2.10.18-1ubuntu0.1_amd64_translations.tar.gz ad37d60533bb9ca2d9540f0034dac2d9671909a0 1326024 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb 4a47c59c9e4d2bd6d69e7eb581018e8a6d2e5854 18672 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb c1a3fae399f0221ebfff30c56d6545043546361e 103744 libgimp2.0-dev_2.10.18-1ubuntu0.1_amd64.deb 0a029d42e4ec4a7782051b6ad12f18d735dbd19b 917720 libgimp2.0-doc_2.10.18-1ubuntu0.1_all.deb 4bacd7d51fad9812c07de79de500fff81962b20a 428000 libgimp2.0_2.10.18-1ubuntu0.1_amd64.deb Checksums-Sha256: c9825898c36bb96072888bb227d2943457e5b2ee12eb929a470eaddbb51080f6 7322452 gimp-data_2.10.18-1ubuntu0.1_all.deb 8a85342049194f78fd8a6ee1be01dd51ff66e5e040a7d617fa3c08f9c51df4c8 15214764 gimp-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb 522a2818f51bbe8bbdfe6002ceb094054848f7fc656e46919b3739cec66a32f0 23032 gimp_2.10.18-1ubuntu0.1_amd64.buildinfo 6956cc0fe89db5e93197c1d7b6a5ee13e09cd61dcecde094a7144232cb275776 4287584 gimp_2.10.18-1ubuntu0.1_amd64.deb c07f5c298519567d7b807c82de57554c2414bcc9cec68937f69cd30c3247ecb8 30806415 gimp_2.10.18-1ubuntu0.1_amd64_translations.tar.gz 85ce0eb1fd73e52063cb429b62557436cacff920664aa516a764ae538ba137ec 1326024 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb 4cabf21c11026623700f41dd747c6747755899855a6fb3b661e933ab9817ba75 18672 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb c88d61ee8028e5f04d47c4192875a65e3faed0d477a33a5722ac0f778834d358 103744 libgimp2.0-dev_2.10.18-1ubuntu0.1_amd64.deb 202f3d2b45b95153291a4c8057bb090508ff549565d713486a600f4209005535 917720 libgimp2.0-doc_2.10.18-1ubuntu0.1_all.deb 86baa417a933c992ec71c83be7797e3a6e7d20525f7612d790baf7bce23af826 428000 libgimp2.0_2.10.18-1ubuntu0.1_amd64.deb Files: e16ff5063600ea313bdfcc687e0d73b4 7322452 graphics optional gimp-data_2.10.18-1ubuntu0.1_all.deb 2b69532d0eb063476e074081090ec16f 15214764 debug optional gimp-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb b5053b021834a50f51d01ab2788e7ac4 23032 graphics optional gimp_2.10.18-1ubuntu0.1_amd64.buildinfo e75633c350562c6bf47188eff339d72b 4287584 graphics optional gimp_2.10.18-1ubuntu0.1_amd64.deb 117afd3ee43363b96fb7c10602d73df5 30806415 raw-translations - gimp_2.10.18-1ubuntu0.1_amd64_translations.tar.gz f5477db02ad0389e8bf06c56bc0c3ca8 1326024 debug optional libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb 034dc298435a5e9fd37246512cf4c3d9 18672 debug optional libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_amd64.ddeb 06fe5658c582ab8cb37b235e51731c95 103744 libdevel optional libgimp2.0-dev_2.10.18-1ubuntu0.1_amd64.deb 1e42ed94a86fc655f5215096da3c1894 917720 doc optional libgimp2.0-doc_2.10.18-1ubuntu0.1_all.deb bda7f7b676a5b3f1edad14b0e2126716 428000 libs optional libgimp2.0_2.10.18-1ubuntu0.1_amd64.deb Original-Maintainer: Debian GNOME Maintainers