gimp: four buffer overflows

Related Vulnerabilities: CVE-2010-4540   CVE-2010-4541   CVE-2010-4542   CVE-2010-4543  

Debian Bug report logs - #608497
gimp: four buffer overflows


Reported by: "non customers" <non-customers@operamail.com>

Date: Fri, 31 Dec 2010 13:39:02 UTC

Severity: important

Tags: fixed-upstream, security

Found in version gimp/2.6.11-1

Fixed in version gimp/2.6.11-2

Done: Ari Pollak <ari@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=641105, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=639203



Report forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#608497; Package gimp. (Fri, 31 Dec 2010 13:39:04 GMT)


Acknowledgement sent to "non customers" <non-customers@operamail.com>:
New Bug report received and forwarded. Copy sent to Ari Pollak <ari@debian.org>. (Fri, 31 Dec 2010 13:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: "non customers" <non-customers@operamail.com>
To: submit@bugs.debian.org
Subject: gimp: four buffer overflows
Date: Fri, 31 Dec 2010 14:35:51 +0100
Subject: gimp: four buffer overflows
Package: gimp
Version: 2.6.11-1
Severity: important
Tags: security

Here is a PoC for four new buffer overflows in GIMP. Compile it with open-cobol.

-- System Information:
Debian Release: squeeze/sid
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gimp depends on:
ii  gimp-data               2.6.11-1         Data files for GIMP
ii  libaa1                  1.4p5-38         ascii art library
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libbabl-0.0-0           0.0.22-1         Dynamic, any to any, pixel format
ii  libc6                   2.11.2-7         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-6         The Cairo 2D vector graphics libra
ii  libdbus-1-3             1.2.24-4         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.88-2.1         simple interprocess messaging syst
ii  libexif12               0.6.19-1         library to parse EXIF files
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfreetype6            2.4.2-2.1        FreeType 2 font engine, shared lib
ii  libgegl-0.0-0           0.0.22-2+b1      Generic Graphics Library
ii  libgimp2.0              2.6.11-1         Libraries for the GNU Image Manipu
ii  libglib2.0-0            2.24.2-1         The GLib library of C routines
ii  libgtk2.0-0             2.20.1-2         The GTK+ graphical user interface
ii  libhal1                 0.5.14-3         Hardware Abstraction Layer - share
ii  libjpeg62               6b1-1            The Independent JPEG Group's JPEG
ii  liblcms1                1.18.dfsg-1.2+b3 Color management library
ii  libmng1                 1.0.10-1+b1      Multiple-image Network Graphics li
ii  libpango1.0-0           1.28.3-1         Layout and rendering of internatio
ii  libpng12-0              1.2.44-1         PNG library - runtime
ii  libpoppler-glib4        0.12.4-1.2       PDF rendering library (GLib-based
ii  librsvg2-2              2.26.3-1         SAX-based renderer library for SVG
ii  libtiff4                3.9.4-5          Tag Image File Format (TIFF) libra
ii  libwebkit-1.0-2         1.2.5-2.1        Web content engine library for Gtk
ii  libwmf0.2-7             0.2.8.4-6.1+b1   Windows metafile conversion librar
ii  libx11-6                2:1.3.3-4        X11 client-side library
ii  libxext6                2:1.1.2-1        X11 miscellaneous extension librar
ii  libxfixes3              1:4.0.5-1        X11 miscellaneous 'fixes' extensio
ii  libxmu6                 2:1.0.5-2        X11 miscellaneous utility library
ii  libxpm4                 1:3.5.8-1        X11 pixmap library
ii  python                  2.6.6-3+squeeze4 interactive high-level object-orie
ii  python-gtk2             2.17.0-4         Python bindings for the GTK+ widge
ii  python-support          1.0.10           automated rebuilding support for P
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

gimp recommends no packages.

Versions of packages gimp suggests:
ii  ghostscript                 8.71~dfsg2-6 The GPL Ghostscript PostScript/PDF
pn  gimp-data-extras            <none>       (no description available)
pn  gimp-help-en | gimp-help    <none>       (no description available)
ii  gvfs-backends               1.6.4-2      userspace virtual filesystem - bac
ii  libasound2                  1.0.23-2.1   shared library for ALSA applicatio

-- no debconf information

-- 
non-customers crew | http://rock-madrid.com/


[gimp-overflows-poc-in-cobol.cob (application/octet-stream, attachment)]

Set Bug forwarded-to-address to 'http://bugzilla.gnome.org/show_bug.cgi?id=641105'. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Tue, 01 Feb 2011 02:42:03 GMT)


Changed Bug forwarded-to-address to 'http://bugzilla.gnome.org/show_bug.cgi?id=641105, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=639203' from 'http://bugzilla.gnome.org/show_bug.cgi?id=641105'. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 07 Feb 2011 20:24:28 GMT)


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 17 Feb 2011 16:39:23 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#608497; Package gimp. (Sat, 09 Apr 2011 02:12:08 GMT)


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Ari Pollak <ari@debian.org>. (Sat, 09 Apr 2011 02:12:09 GMT)


Message #16 received at 608497@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <608497@bugs.debian.org>
Subject: gimp: Fix from Ubuntu
Date: Fri, 08 Apr 2011 09:42:09 -0400
Package: gimp
Version: 2.6.11-1
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed plugin configuration files
    - debian/patches/05_CVE-2010-454x.patch: fix format strings in
      plug-ins/{common/sphere-designer,gfig/gfig-style,
      lighting/lighting-ui}.c.
    - CVE-2010-4540
    - CVE-2010-4541
    - CVE-2010-4542
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed PSP image file
    - debian/patches/06_CVE-2010-4543.patch: fix buffer overflow in
      plug-ins/common/file-psp.c.
    - CVE-2010-4543


Thanks for considering the patch.


-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[tmpXAzSt6 (text/x-diff, attachment)]
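The Ubuntu changelog above names two bug classes: configuration-file strings reaching a format argument, and an unchecked length when reading a PSP record. The following is an added C illustration of the defensive shape of both fixes; it is not GIMP's code and not the attached Ubuntu patch. The record layout it parses (one length byte followed by that many name bytes) and all inputs are constructed for the demo and are not the PSP format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not GIMP's code and not the Ubuntu patch. The record
 * layout below (one length byte, then that many name bytes) is an assumption
 * chosen for the demo, not the PSP file format. */

/* Hardened logging of a value read from a plugin configuration file: the
 * value is always passed as data. The vulnerable shape this replaces is
 * printf(value) / g_message(value), which lets the file choose the format. */
static int format_config_value(char *out, size_t outlen,
                               const char *key, const char *value)
{
    return snprintf(out, outlen, "%s=%s", key, value);
}

/* Audit check: does a config value contain a printf conversion directive?
 * "%%" is a literal percent sign and is ignored; a lone trailing '%' is
 * reported because printf would treat it as malformed. */
static bool value_has_format_directive(const char *value)
{
    const char *p = strchr(value, '%');
    while (p != NULL) {
        if (p[1] != '%')
            return true;
        p = strchr(p + 2, '%');
    }
    return false;
}

/* Bounded read of a length-prefixed name into a fixed buffer. Returns the
 * number of record bytes consumed, or 0 when the declared length exceeds
 * the bytes actually present or would not fit dst together with its NUL. */
static size_t read_counted_name(const uint8_t *rec, size_t reclen,
                                char *dst, size_t dstlen)
{
    if (reclen < 1 || dstlen < 1)
        return 0;
    size_t n = rec[0];
    if (n > reclen - 1)          /* truncated record: length claims more than present */
        return 0;
    if (n >= dstlen)             /* would overflow dst */
        return 0;
    memcpy(dst, rec + 1, n);
    dst[n] = '\0';
    return 1 + n;
}

int main(void)
{
    /* Constructed inputs for the demo. */
    const char *hostile_value = "%x%x%n";
    const uint8_t good_rec[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t bad_rec[]  = { 200, 'a' };        /* claims 200 bytes, has 1 */
    char line[64];
    char name[8];

    format_config_value(line, sizeof line, "color", hostile_value);
    printf("logged safely: %s (directive present: %s)\n", line,
           value_has_format_directive(hostile_value) ? "yes" : "no");

    if (read_counted_name(good_rec, sizeof good_rec, name, sizeof name))
        printf("name = %s\n", name);
    if (read_counted_name(bad_rec, sizeof bad_rec, name, sizeof name) == 0)
        printf("rejected truncated record\n");
    return 0;
}
```

The audit helper is the kind of check a packager can run over shipped plugin data files before and after applying a fix of this sort: any value that would have been handed to a format function and contains a directive is worth a closer look.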

Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Tue, 12 Apr 2011 23:03:09 GMT)


Notification sent to "non customers" <non-customers@operamail.com>:
Bug acknowledged by developer. (Tue, 12 Apr 2011 23:03:10 GMT)


Message #21 received at 608497-close@bugs.debian.org:

From: Ari Pollak <ari@debian.org>
To: 608497-close@bugs.debian.org
Subject: Bug#608497: fixed in gimp 2.6.11-2
Date: Tue, 12 Apr 2011 23:01:28 +0000
Source: gimp
Source-Version: 2.6.11-2

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive:

gimp-data_2.6.11-2_all.deb
  to main/g/gimp/gimp-data_2.6.11-2_all.deb
gimp-dbg_2.6.11-2_amd64.deb
  to main/g/gimp/gimp-dbg_2.6.11-2_amd64.deb
gimp_2.6.11-2.debian.tar.gz
  to main/g/gimp/gimp_2.6.11-2.debian.tar.gz
gimp_2.6.11-2.dsc
  to main/g/gimp/gimp_2.6.11-2.dsc
gimp_2.6.11-2_amd64.deb
  to main/g/gimp/gimp_2.6.11-2_amd64.deb
libgimp2.0-dev_2.6.11-2_amd64.deb
  to main/g/gimp/libgimp2.0-dev_2.6.11-2_amd64.deb
libgimp2.0-doc_2.6.11-2_all.deb
  to main/g/gimp/libgimp2.0-doc_2.6.11-2_all.deb
libgimp2.0_2.6.11-2_amd64.deb
  to main/g/gimp/libgimp2.0_2.6.11-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608497@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Tue, 12 Apr 2011 19:04:28 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source all amd64
Version: 2.6.11-2
Distribution: unstable
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 gimp       - The GNU Image Manipulation Program
 gimp-data  - Data files for GIMP
 gimp-dbg   - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Closes: 600226 608497 613201 621230
Changes: 
 gimp (2.6.11-2) unstable; urgency=high
 .
   * Fix security issues when reading plugin configuration files and PSP files
     (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543)
     (Closes: #608497)
     - patches imported from Ubuntu
   * Drop libgimp2.0's recommendation on gimp (Closes: #600226)
   * remove .la files, even from python modules (Closes: #621230)
   * Remove HAL support (Closes: #613201)
   * 07_binutils-gold.patch:
     - Allow package to build with binutils-gold
Checksums-Sha1: 
 4cb43b23705d72cf2022d27217fb57e75d7b6db2 1940 gimp_2.6.11-2.dsc
 c8ff3e6c5b842e45a6d682aba79d05abea179a98 45078 gimp_2.6.11-2.debian.tar.gz
 7b5cd82c761d6a4abe31f671112897d1eeaff268 11672416 gimp-data_2.6.11-2_all.deb
 bf168d2e918b19e7bcf919d927cbe3613b111711 1101792 libgimp2.0-doc_2.6.11-2_all.deb
 401f06e204f290ca670dd1ad2629933015a46937 1187448 libgimp2.0_2.6.11-2_amd64.deb
 b07c18571fd1e040cda33fad6f972a263e348fa7 5053114 gimp_2.6.11-2_amd64.deb
 e5b98b4c6a194be62e0c352bddeea62e773fd5fc 185118 libgimp2.0-dev_2.6.11-2_amd64.deb
 f48686324dfef9b3d440d025659256b3ca07607d 15522670 gimp-dbg_2.6.11-2_amd64.deb
Checksums-Sha256: 
 57a5bbc8511ea74968cf05e8e0c9c4746a32a8d563388b81677c3364b59e4093 1940 gimp_2.6.11-2.dsc
 049e4a8683e078dd7288da95eb72e2146ec2a24f49858b02aa77cea11c3dab89 45078 gimp_2.6.11-2.debian.tar.gz
 2ad912aa89fc38ba0678ab36897bab6f0bb7c64013e484b4e43456163d465ccd 11672416 gimp-data_2.6.11-2_all.deb
 0bc0ecde10a5508d3e59b7e7ceafd0eeda1c1e208eb407c395958edcfbfc2e20 1101792 libgimp2.0-doc_2.6.11-2_all.deb
 1d9647f5db9fbee19f8d5e39e7a540067c87c4cdba18a90eb8dadb0f0f283134 1187448 libgimp2.0_2.6.11-2_amd64.deb
 c3adbfb998e12dcf7c4b353d2c279882a30d2ab32b51743f228b231e902cd700 5053114 gimp_2.6.11-2_amd64.deb
 d0c1c18a5e9fd12349b8c13ee7162b61a8b9e3245acda6bd0467bbe3f39db68b 185118 libgimp2.0-dev_2.6.11-2_amd64.deb
 687fc2f4faea46e069c80af6eac429ee19791006578c4d297c94609ab703dec7 15522670 gimp-dbg_2.6.11-2_amd64.deb
Files: 
 70ad1275bf6f415bf4ef275b197add2f 1940 graphics optional gimp_2.6.11-2.dsc
 dc5e1000762cc1ac3bf567afdf5da04f 45078 graphics optional gimp_2.6.11-2.debian.tar.gz
 16f27db7ffd7cce7aa8e3ba1e88bbb92 11672416 graphics optional gimp-data_2.6.11-2_all.deb
 dbded1d5ff15871eec1a733cf8da8dc3 1101792 doc optional libgimp2.0-doc_2.6.11-2_all.deb
 1470775db4095c3bf1d7ab398dc1b782 1187448 libs optional libgimp2.0_2.6.11-2_amd64.deb
 888e262dca0b048c0f4cc7cd2f414ce6 5053114 graphics optional gimp_2.6.11-2_amd64.deb
 88f0b9f4d72447d3be8287db9b245bce 185118 libdevel optional libgimp2.0-dev_2.6.11-2_amd64.deb
 dcea23a07d691868c9ca62c394fa9206 15522670 debug extra gimp-dbg_2.6.11-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEAREDAAYFAk2k0zQACgkQwO+u47cOQDuvhwCbBIoPsA8HSvK7/inHec2q9/96
wgkAoJ9DFlVo+fTvlkMhFR3diCKgINid
=g6ce
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 02 Jul 2011 07:43:35 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:20:21 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.