Package: gimp | Debian Sources

Package: gimp / 2.8.14-1+deb8u2

Metadata

Package	Version	Patches format
gimp	2.8.14-1+deb8u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
disable internal help browser \| (download)	etc/gimprc \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
01_hurd_ftbfs.patch \| (download)	libgimpbase/gimpreloc.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	define path_max to fix build on the hurd.
02_CVE 2016 4994.patch \| (download)	app/xcf/xcf-load.c \| 29 29 + 0 - 0 ! 1 file changed, 29 insertions(+)	bug 767873 - (cve-2016-4994) multiple use-after-free when parsing... ...XCF channel and layer properties The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION, PROP_ACTIVE_CHANNEL saves the current object pointer the @info structure. Others like PROP_SELECTION (for channel) and PROP_GROUP_ITEM (for layer) will delete the current object and create a new object, leaving the pointers in @info invalid (dangling). Therefore, if a property from the first type will come before the second, the result will be an UaF in the last lines of xcf_load_image (when it actually using the pointers from @info). I wasn't able to exploit this bug because that g_object_instance->c_class gets cleared by the last g_object_unref and GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE. (cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395)
Bug 739134 CVE 2017 17786 Out of bounds read heap ov.patch \| (download)	plug-ins/common/file-tga.c \| 12 8 + 4 - 0 ! 1 file changed, 8 insertions(+), 4 deletions(-)	bug 739134 - (cve-2017-17786) out of bounds read / heap overflow in... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
plug ins TGA 16 bit RGB without alpha bit is also va.patch \| (download)	plug-ins/common/file-tga.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	plug-ins: tga 16-bit rgb (without alpha bit) is also valid.
Bug 790849 CVE 2017 17789 CVE 2017 17789 Heap buffer.patch \| (download)	plug-ins/common/file-psp.c \| 9 9 + 0 - 0 ! 1 file changed, 9 insertions(+)	bug 790849 - (cve-2017-17789) cve-2017-17789 heap buffer overflow...
Bug 790784 CVE 2017 17784 heap overread in gbr parse.patch \| (download)	plug-ins/common/file-gbr.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	bug 790784 - (cve-2017-17784) heap overread in gbr parser / load_image.
Bug 790853 CVE 2017 17787 heap overread in psp impor.patch \| (download)	plug-ins/common/file-psp.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	bug 790853 - (cve-2017-17787) heap overread in psp importer.
Bug 739133 CVE 2017 17785 Heap overflow while parsin.patch \| (download)	plug-ins/file-fli/fli.c \| 50 35 + 15 - 0 ! 1 file changed, 35 insertions(+), 15 deletions(-)	bug 739133 - (cve-2017-17785) heap overflow while parsing fli files.
790783 buffer overread in XCF parser if version fiel.patch \| (download)	app/xcf/xcf.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	790783 - buffer overread in xcf parser if version field...

1