gimp vulnerable to CVE-2011-1782

Related Vulnerabilities: CVE-2011-1782  

Debian Bug report logs - #629830

Reported by: Marc Deslauriers <marc.deslauriers@ubuntu.com>

Date: Wed, 8 Jun 2011 18:12:05 UTC

Severity: normal

Tags: patch

Found in version gimp/2.6.11-2

Fixed in version gimp/2.6.11-3

Done: Ari Pollak <ari@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#629830; Package gimp. (Wed, 08 Jun 2011 18:12:08 GMT)


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Ari Pollak <ari@debian.org>. (Wed, 08 Jun 2011 18:12:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gimp vulnerable to CVE-2011-1782
Date: Wed, 08 Jun 2011 14:11:10 -0400
Package: gimp
Version: 2.6.11-2
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu oneiric ubuntu-patch



*** /tmp/tmphuxFni
In Ubuntu, the attached patch was applied to achieve the following security
fix:

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed PSP image file
    - debian/patches/08_CVE-2011-1782.patch: further fix buffer overflow in
      plug-ins/common/file-psp.c.
    - CVE-2011-1782

Thanks for considering the patch.


-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-10-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[tmpXz78At (text/x-diff, attachment)]

Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Sat, 11 Jun 2011 22:36:04 GMT)


Notification sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Bug acknowledged by developer. (Sat, 11 Jun 2011 22:36:04 GMT)


Message #10 received at 629830-close@bugs.debian.org:

From: Ari Pollak <ari@debian.org>
To: 629830-close@bugs.debian.org
Subject: Bug#629830: fixed in gimp 2.6.11-3
Date: Sat, 11 Jun 2011 22:33:01 +0000
Source: gimp
Source-Version: 2.6.11-3

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive:

gimp-data_2.6.11-3_all.deb
  to main/g/gimp/gimp-data_2.6.11-3_all.deb
gimp-dbg_2.6.11-3_amd64.deb
  to main/g/gimp/gimp-dbg_2.6.11-3_amd64.deb
gimp_2.6.11-3.debian.tar.gz
  to main/g/gimp/gimp_2.6.11-3.debian.tar.gz
gimp_2.6.11-3.dsc
  to main/g/gimp/gimp_2.6.11-3.dsc
gimp_2.6.11-3_amd64.deb
  to main/g/gimp/gimp_2.6.11-3_amd64.deb
libgimp2.0-dev_2.6.11-3_amd64.deb
  to main/g/gimp/libgimp2.0-dev_2.6.11-3_amd64.deb
libgimp2.0-doc_2.6.11-3_all.deb
  to main/g/gimp/libgimp2.0-doc_2.6.11-3_all.deb
libgimp2.0_2.6.11-3_amd64.deb
  to main/g/gimp/libgimp2.0_2.6.11-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 629830@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sat, 11 Jun 2011 17:30:56 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source all amd64
Version: 2.6.11-3
Distribution: unstable
Urgency: low
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 gimp       - The GNU Image Manipulation Program
 gimp-data  - Data files for GIMP
 gimp-dbg   - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Closes: 629830
Changes: 
 gimp (2.6.11-3) unstable; urgency=low
 .
   * Fix buffer overflow in PSP reading code (CVE-2011-1782) (Closes: #629830)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEAREDAAYFAk3z6aoACgkQwO+u47cOQDtZLACgiktkZmsnGDrvDCzTITXDv6E/
oaMAnRPtZ5tOq2K/KzlnFh0bvObzGLOm
=fPEX
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 20 Jul 2011 07:32:08 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:53:42 2019; Machine Name: beach
