Format: 1.8 Date: Tue, 28 Nov 2023 07:38:10 -0500 Source: gimp Binary: gimp libgimp2.0 libgimp2.0-dev Built-For-Profiles: noudeb Architecture: riscv64 riscv64_translations Version: 2.10.30-1ubuntu0.1 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Launchpad-Bugs-Fixed: 1982422 Changes: gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium . [ Luís Infante da Câmara ] * SECURITY UPDATE: Buffer overflow leading to insufficient memory or program crash via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to the next property when xcf_old_path fails. - CVE-2022-30067 * SECURITY UPDATE: Denial of service via a crafted XCF file (LP: #1982422) - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when loading XCF files. - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when loading XCF files. - debian/patches/CVE-2022-32990-3.patch: Return TRUE in gimp_channel_is_empty when channel is NULL. - CVE-2022-32990 . [ Marc Deslauriers ] * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44441-1.patch: verify header information in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-2.patch: fix checks in plug-ins/file-dds/ddsread.c. - debian/patches/CVE-2023-44441-3.patch: add additional fixes in plug-ins/file-dds/ddsread.c. - CVE-2023-44441 * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow - debian/patches/CVE-2023-44442.patch: add missing break statement in plug-ins/file-psd/psd-util.c. - CVE-2023-44442 * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One - debian/patches/CVE-2023-44443_44444.patch: check color_palette_entries and fix buffer size in plug-ins/common/file-psp.c. - CVE-2023-44443 - CVE-2023-44444 Checksums-Sha1: 491dbdfeb193b42d1ce27da70cb20cec1d8929b7 16762440 gimp-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 47a3c2e9ad907c6f770b59cd0c277f090dbe7f10 22047 gimp_2.10.30-1ubuntu0.1_riscv64.buildinfo de43f894754284f0299334b11f078d8b2add1159 4396354 gimp_2.10.30-1ubuntu0.1_riscv64.deb a502ef09b1f7a833cff57c8846e57844939e1382 18808208 gimp_2.10.30-1ubuntu0.1_riscv64_translations.tar.gz e58573ceb3044a245f3bbb487d51ba9ddcb11358 1359944 libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 85eb35e571a0538825573319c14079d36b3c50e9 16390 libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 7068f43c7ffdcae82931d25d654ea1e01b598f57 119086 libgimp2.0-dev_2.10.30-1ubuntu0.1_riscv64.deb 45d25249b5b5279203a66d9e9de37f0c7cccb920 426394 libgimp2.0_2.10.30-1ubuntu0.1_riscv64.deb Checksums-Sha256: a7bd906e7f83856b0ecd9bf5b06655b8cc4ab5e7988c7152cd7cf1062c4b85f2 16762440 gimp-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb cd480249577bb44a3842094975e79ed8abbd85c73490314cb110888f3a1ac042 22047 gimp_2.10.30-1ubuntu0.1_riscv64.buildinfo f38a7e3bbbede2ab3b543f1a794ae6e5f2d755dc69de76bf95179c74d0f1739e 4396354 gimp_2.10.30-1ubuntu0.1_riscv64.deb fe932f88292a8b3d2bcc0615cb6630f15861e9fa982f3b90c89e25e8dea700bc 18808208 gimp_2.10.30-1ubuntu0.1_riscv64_translations.tar.gz a374aafcf73d66b0dabf79d501cc9ebe298011a7a2e1eaff3c43db9c1eb6d325 1359944 libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 1d17ac0d28a88ceb7d62b514e56e60179803aea91a56ac7e693b36de9622a76c 16390 libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 1858f57b07773db460b4dc7c2fed7dda3593995354532689dca4b90927817aef 119086 libgimp2.0-dev_2.10.30-1ubuntu0.1_riscv64.deb b7afdecfdc995d5c600660dc647751640356022a77d3a6668ff3d95676f76e87 426394 libgimp2.0_2.10.30-1ubuntu0.1_riscv64.deb Files: 4405221f308d858c63e5cde3964391a1 16762440 debug optional gimp-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb b47eb1b68118f988cac6b3756e16a421 22047 graphics optional gimp_2.10.30-1ubuntu0.1_riscv64.buildinfo e4262762d7413405cc880056dc90062c 4396354 graphics optional gimp_2.10.30-1ubuntu0.1_riscv64.deb 72de8568754b36f7e2eb2172117e1224 18808208 raw-translations - gimp_2.10.30-1ubuntu0.1_riscv64_translations.tar.gz 0e8762a544e7dc66b17715b51cef09a8 1359944 debug optional libgimp2.0-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 5951c15ad3486c2a74543286ca6399e2 16390 debug optional libgimp2.0-dev-dbgsym_2.10.30-1ubuntu0.1_riscv64.ddeb 2366f6d2be965f25ccde0d31ffabe785 119086 libdevel optional libgimp2.0-dev_2.10.30-1ubuntu0.1_riscv64.deb ff8c6b9e65a67c28c6f49096437e990a 426394 libs optional libgimp2.0_2.10.30-1ubuntu0.1_riscv64.deb Original-Maintainer: Debian GNOME Maintainers