Format: 1.8
Date: Tue, 28 Nov 2023 07:38:10 -0500
Source: gimp
Binary: gimp libgimp2.0 libgimp2.0-dev
Architecture: arm64 arm64_translations
Version: 2.10.18-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-017.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 gimp       - GNU Image Manipulation Program
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
Launchpad-Bugs-Fixed: 1982422
Changes:
 gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium
 .
   [ Luís Infante da Câmara ]
   * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
     program crash via a crafted XCF file (LP: #1982422)
     - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
       the next property when xcf_old_path fails.
     - CVE-2022-30067
   * SECURITY UPDATE: Denial of service via a crafted XCF file
     (LP: #1982422)
     - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
       loading XCF files.
     - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
       loading XCF files.
     - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
       gimp_channel_is_empty when channel is NULL.
     - CVE-2022-32990
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44441-1.patch: verify header information in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-2.patch: fix checks in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
       plug-ins/file-dds/ddsread.c.
     - CVE-2023-44441
   * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44442.patch: add missing break statement in
       plug-ins/file-psd/psd-util.c.
     - CVE-2023-44442
   * SECURITY UPDATE: PSP File Parsing Off-By-One
     - debian/patches/CVE-2023-44444.patch: fix buffer size in
       plug-ins/common/file-psp.c.
     - CVE-2023-44444
Checksums-Sha1:
 553d556c7765b2394ddd0a8ee0adfbd8fb34fa17 15265124 gimp-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 f480ce62455006c0dfbe5604e9aba48f381b3381 22422 gimp_2.10.18-1ubuntu0.1_arm64.buildinfo
 c4ad631f5cec689dda0f076193c6c030b6d94591 3885352 gimp_2.10.18-1ubuntu0.1_arm64.deb
 eb8db67896a21b250f13d0171bf2b7afb8ff8c9a 18140860 gimp_2.10.18-1ubuntu0.1_arm64_translations.tar.gz
 c704a82511ead5071bd9fa890068a99058005c3f 1322988 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 96f5ce3e0a6c10792dece40fc1d54e5f1a80445f 19024 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 16a1fb56e536f988af50b87918772e10a2ed8db1 103336 libgimp2.0-dev_2.10.18-1ubuntu0.1_arm64.deb
 2504f83348ff18ead0b077342aac1487d89b6227 393932 libgimp2.0_2.10.18-1ubuntu0.1_arm64.deb
Checksums-Sha256:
 701ea0d61739d4581d0315f12e20b584b1bac94550f1c2b721041d66c51f6ccb 15265124 gimp-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 94f5ed1a0f1291b8d2eb283735424a32283c81705057739122a32bb94883811e 22422 gimp_2.10.18-1ubuntu0.1_arm64.buildinfo
 fed5ab7c51b9f46bda30245b569abb9cb27cb9eef93d1273236d41a2657a37de 3885352 gimp_2.10.18-1ubuntu0.1_arm64.deb
 f566cd42637de24746d73d27bf636c17a48e7901f485b0c93051336fd3417ba2 18140860 gimp_2.10.18-1ubuntu0.1_arm64_translations.tar.gz
 ad4bbc4546450ceb575de6ba1b2600e229060f769b61d4fb1fb742149c078d84 1322988 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 64b6a851712e5951121c071c47592ba5bb2abfb778e29e87d1f5ba618dfe9f49 19024 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 9a192aaa44517c830cfb0432239ec6dfdbdd4e46f691ff11eb909217e2b0871f 103336 libgimp2.0-dev_2.10.18-1ubuntu0.1_arm64.deb
 13ad9426f8256d46dea263207cda9d9e5bd9560a24735a9e24e0dc0bf638eaea 393932 libgimp2.0_2.10.18-1ubuntu0.1_arm64.deb
Files:
 54756c8bfc19295c1bb7291d4116b2a5 15265124 debug optional gimp-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 84577a2d708d75c3c0aec1070ce666ef 22422 graphics optional gimp_2.10.18-1ubuntu0.1_arm64.buildinfo
 13b8698060e7ec1eee710a93fe1c2501 3885352 graphics optional gimp_2.10.18-1ubuntu0.1_arm64.deb
 f7a1aa42728e70a711e741151528678f 18140860 raw-translations - gimp_2.10.18-1ubuntu0.1_arm64_translations.tar.gz
 924de3ae06c5a195720e5271c744ffe0 1322988 debug optional libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 ff225a86bc6dc62121edcb56d85cc86c 19024 debug optional libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_arm64.ddeb
 e63e43f4ef598918834952afbdac80dc 103336 libdevel optional libgimp2.0-dev_2.10.18-1ubuntu0.1_arm64.deb
 9e92d7cad8fe6d1c75820f5f92037f12 393932 libs optional libgimp2.0_2.10.18-1ubuntu0.1_arm64.deb
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>