Format: 1.8 Date: Tue, 28 Nov 2023 07:38:10 -0500 Source: gimp Binary: gimp libgimp2.0 libgimp2.0-dev Built-For-Profiles: noudeb Architecture: armhf armhf_translations Version: 2.10.30-1ubuntu0.1 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Launchpad-Bugs-Fixed: 1982422 Changes: gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium . [ Luís Infante da Câmara ] * SECURITY UPDATE: Buffer overflow leading to insufficient memory or program crash via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to the next property when xcf_old_path fails. - CVE-2022-30067 * SECURITY UPDATE: Denial of service via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when loading XCF files. - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when loading XCF files. - debian/patches/CVE-2022-32990-3.patch: Return TRUE in gimp_channel_is_empty when channel is NULL. - CVE-2022-32990 . [ Marc Deslauriers ] * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44441-1.patch: verify header information in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-2.patch: fix checks in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-3.patch: add additional fixes in plug-ins/file-dds/ddsread.c. - CVE-2023-44441 * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44442.patch: add missing break statement in plug-ins/file-psd/psd-util.c. - CVE-2023-44442 * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One - debian/patches/CVE-2023-44443_44444.patch: check color_palette_entries and fix buffer size in plug-ins/common/file-psp.c. - CVE-2023-44443 - CVE-2023-44444 Checksums-Sha1: e04b03f8635b830d0930ae5505b2f6eddd21a10e 15500338 gimp-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 8e3b8a2b9ab9b31ee5c92491f0c433dc639c0efd 22011 gimp_2.10.30-1ubuntu0.1_armhf.buildinfo 1ed0271be58be7f099a0a42f5d6090ef228de8da 4286828 gimp_2.10.30-1ubuntu0.1_armhf.deb ac6bd5be3fa5d815a442396da2b51e01f426cc22 18863123 gimp_2.10.30-1ubuntu0.1_armhf_translations.tar.gz 46e53db973bd94be3ed7047530ef66f5758a3134 1352738 libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 88b214d9fb222d1967df5b4e0f5f9ca8b7a7f6c2 17104 libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb e89c3a6039dfe299d61c02ef97b3e6e8c3928070 119616 libgimp2.0-dev_2.10.30-1ubuntu0.1_armhf.deb e4ee1de1b65b5f1f9e234fb598f540045b24c476 436008 libgimp2.0_2.10.30-1ubuntu0.1_armhf.deb Checksums-Sha256: b025e0568b3e67bfa6ebd622c46acbba4d76ee75f9ae35d5bf337d73020d2b11 15500338 gimp-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb a97406a575674d2c76114f995a781de0816bfa37e716ef6c4f596e50be4d2d36 22011 gimp_2.10.30-1ubuntu0.1_armhf.buildinfo 0db5c7fc47257fc0f92786a676ca6d71444f20538d73a32cee118e0845ba29a9 4286828 gimp_2.10.30-1ubuntu0.1_armhf.deb d7c025a6b3e870754eec98bede84c62fca59eed75dc944b4736123be22d532e3 18863123 gimp_2.10.30-1ubuntu0.1_armhf_translations.tar.gz 01c0e44fa94f24cdbe758edd388e0892b222e08f244b6f0e88fd3dab3071ee65 1352738 libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 0c7df1ad6316102ba454eea11862c72cb6f1b9cb47fd5630888f0d442c31d59e 17104 libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 93ee39e7a3bdaede828bb5ad282c2ce563c0938aa402c41fa8d6305afe0132ee 119616 libgimp2.0-dev_2.10.30-1ubuntu0.1_armhf.deb fa3f06b53f4519595c44d89baf9a8fc1490fa1f7880366df9c5b7283465c1fd0 436008 libgimp2.0_2.10.30-1ubuntu0.1_armhf.deb Files: a912e119c61e18a02c3f9ce9ca81260c 15500338 debug optional gimp-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 0dbef3eae00a3712ab40df7757503ad9 22011 graphics optional gimp_2.10.30-1ubuntu0.1_armhf.buildinfo dd3e38f7dda4465752a19777ca3e87bf 4286828 graphics optional gimp_2.10.30-1ubuntu0.1_armhf.deb af7bd10b11336e58770e1f4ecace4b1a 18863123 raw-translations - gimp_2.10.30-1ubuntu0.1_armhf_translations.tar.gz 8b936cbaa9ecf4b505dd096ce6e47e49 1352738 debug optional libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb c00e75071b5b074dea2fb803efa604da 17104 debug optional libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_armhf.ddeb 7cf250c683a4032e69b08b87599d0741 119616 libdevel optional libgimp2.0-dev_2.10.30-1ubuntu0.1_armhf.deb f2337cba060af42c907f43e529572399 436008 libs optional libgimp2.0_2.10.30-1ubuntu0.1_armhf.deb Original-Maintainer: Debian GNOME Maintainers