Debian Bug report logs - #643753
CVE-2011-2896: LZW buffer overflow
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Thu, 29 Sep 2011 10:24:01 UTC
Severity: grave
Tags: security
Fixed in version gimp/2.6.11-5
Done: Ari Pollak <ari@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Ari Pollak <ari@debian.org>: Bug#643753; Package gimp. (Thu, 29 Sep 2011 10:24:05 GMT)
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Ari Pollak <ari@debian.org>. (Thu, 29 Sep 2011 10:24:10 GMT)
Message #5 received at submit@bugs.debian.org:
Package: gimp
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896 for details.
Patch:
http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc
Cheers,
Moritz
Reply sent to Ari Pollak <ari@debian.org>: You have taken responsibility. (Fri, 07 Oct 2011 02:51:03 GMT)
Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug acknowledged by developer. (Fri, 07 Oct 2011 02:51:03 GMT)
Message #10 received at 643753-close@bugs.debian.org:
Source: gimp
Source-Version: 2.6.11-5
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive:
gimp-data_2.6.11-5_all.deb
to main/g/gimp/gimp-data_2.6.11-5_all.deb
gimp-dbg_2.6.11-5_amd64.deb
to main/g/gimp/gimp-dbg_2.6.11-5_amd64.deb
gimp_2.6.11-5.debian.tar.gz
to main/g/gimp/gimp_2.6.11-5.debian.tar.gz
gimp_2.6.11-5.dsc
to main/g/gimp/gimp_2.6.11-5.dsc
gimp_2.6.11-5_amd64.deb
to main/g/gimp/gimp_2.6.11-5_amd64.deb
libgimp2.0-dev_2.6.11-5_amd64.deb
to main/g/gimp/libgimp2.0-dev_2.6.11-5_amd64.deb
libgimp2.0-doc_2.6.11-5_all.deb
to main/g/gimp/libgimp2.0-doc_2.6.11-5_all.deb
libgimp2.0_2.6.11-5_amd64.deb
to main/g/gimp/libgimp2.0_2.6.11-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 643753@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Thu, 06 Oct 2011 21:46:58 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source all amd64
Version: 2.6.11-5
Distribution: unstable
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description:
gimp - The GNU Image Manipulation Program
gimp-data - Data files for GIMP
gimp-dbg - Debugging symbols for GIMP
libgimp2.0 - Libraries for the GNU Image Manipulation Program
libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
libgimp2.0-doc - Developers' Documentation for the GIMP library
Closes: 643753 644025
Changes:
gimp (2.6.11-5) unstable; urgency=high
.
* pyslice.patch: upstream patch to fix slice filter crashing (Closes: #644025)
* Apply fix for GIF buffer overflow (CVE-2011-2896) (Closes: #643753)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEAREDAAYFAk6OYBcACgkQwO+u47cOQDsdxgCfSCTEnykBpUXc9Qo+/R5AsQiH
ZksAnitZrtzcHUnAl6YH/pOVu4WpUa6f
=BJpj
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:36:35 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:52:20 2019;