CVE-2011-2896: LZW buffer overflow

Related Vulnerabilities: CVE-2011-2896  

Debian Bug report logs - #643753
CVE-2011-2896: LZW buffer overflow

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 29 Sep 2011 10:24:01 UTC

Severity: grave

Tags: security

Fixed in version gimp/2.6.11-5

Done: Ari Pollak <ari@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Ari Pollak <ari@debian.org>:
Bug#643753; Package gimp. (Thu, 29 Sep 2011 10:24:05 GMT).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Ari Pollak <ari@debian.org>. (Thu, 29 Sep 2011 10:24:10 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2896: LZW buffer overflow
Date: Thu, 29 Sep 2011 12:21:21 +0200
Package: gimp
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896 for details.

Patch:
http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc

Cheers,
        Moritz




Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Fri, 07 Oct 2011 02:51:03 GMT).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 07 Oct 2011 02:51:03 GMT).


Message #10 received at 643753-close@bugs.debian.org:

From: Ari Pollak <ari@debian.org>
To: 643753-close@bugs.debian.org
Subject: Bug#643753: fixed in gimp 2.6.11-5
Date: Fri, 07 Oct 2011 02:47:55 +0000
Source: gimp
Source-Version: 2.6.11-5

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive:

gimp-data_2.6.11-5_all.deb
  to main/g/gimp/gimp-data_2.6.11-5_all.deb
gimp-dbg_2.6.11-5_amd64.deb
  to main/g/gimp/gimp-dbg_2.6.11-5_amd64.deb
gimp_2.6.11-5.debian.tar.gz
  to main/g/gimp/gimp_2.6.11-5.debian.tar.gz
gimp_2.6.11-5.dsc
  to main/g/gimp/gimp_2.6.11-5.dsc
gimp_2.6.11-5_amd64.deb
  to main/g/gimp/gimp_2.6.11-5_amd64.deb
libgimp2.0-dev_2.6.11-5_amd64.deb
  to main/g/gimp/libgimp2.0-dev_2.6.11-5_amd64.deb
libgimp2.0-doc_2.6.11-5_all.deb
  to main/g/gimp/libgimp2.0-doc_2.6.11-5_all.deb
libgimp2.0_2.6.11-5_amd64.deb
  to main/g/gimp/libgimp2.0_2.6.11-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643753@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 06 Oct 2011 21:46:58 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source all amd64
Version: 2.6.11-5
Distribution: unstable
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 gimp       - The GNU Image Manipulation Program
 gimp-data  - Data files for GIMP
 gimp-dbg   - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Closes: 643753 644025
Changes: 
 gimp (2.6.11-5) unstable; urgency=high
 .
   * pyslice.patch: upstream patch to fix slice filter crashing (Closes: #644025)
   * Apply fix for GIF buffer overflow (CVE-2011-2896) (Closes: #643753)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:36:35 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:52:20 2019; Machine Name: beach
