Package: gimp / 2.8.14-1+deb8u2
Metadata
Package | Version | Patches format |
---|---|---|
gimp | 2.8.14-1+deb8u2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
disable internal help browser | (download) |
etc/gimprc |
2 1 + 1 - 0 ! |
--- |
01_hurd_ftbfs.patch | (download) |
libgimpbase/gimpreloc.c |
3 3 + 0 - 0 ! |
define path_max to fix build on the hurd. |
02_CVE 2016 4994.patch | (download) |
app/xcf/xcf-load.c |
29 29 + 0 - 0 ! |
bug 767873 - (cve-2016-4994) multiple use-after-free when parsing... ...XCF channel and layer properties The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION, PROP_ACTIVE_CHANNEL saves the current object pointer the @info structure. Others like PROP_SELECTION (for channel) and PROP_GROUP_ITEM (for layer) will delete the current object and create a new object, leaving the pointers in @info invalid (dangling). Therefore, if a property from the first type will come before the second, the result will be an UaF in the last lines of xcf_load_image (when it actually using the pointers from @info). I wasn't able to exploit this bug because that g_object_instance->c_class gets cleared by the last g_object_unref and GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE. (cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395) |
Bug 739134 CVE 2017 17786 Out of bounds read heap ov.patch | (download) |
plug-ins/common/file-tga.c |
12 8 + 4 - 0 ! |
bug 739134 - (cve-2017-17786) out of bounds read / heap overflow in... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit |
plug ins TGA 16 bit RGB without alpha bit is also va.patch | (download) |
plug-ins/common/file-tga.c |
3 2 + 1 - 0 ! |
plug-ins: tga 16-bit rgb (without alpha bit) is also valid. |
Bug 790849 CVE 2017 17789 CVE 2017 17789 Heap buffer.patch | (download) |
plug-ins/common/file-psp.c |
9 9 + 0 - 0 ! |
bug 790849 - (cve-2017-17789) cve-2017-17789 heap buffer overflow... |
Bug 790784 CVE 2017 17784 heap overread in gbr parse.patch | (download) |
plug-ins/common/file-gbr.c |
3 2 + 1 - 0 ! |
bug 790784 - (cve-2017-17784) heap overread in gbr parser / load_image. |
Bug 790853 CVE 2017 17787 heap overread in psp impor.patch | (download) |
plug-ins/common/file-psp.c |
6 6 + 0 - 0 ! |
bug 790853 - (cve-2017-17787) heap overread in psp importer. |
Bug 739133 CVE 2017 17785 Heap overflow while parsin.patch | (download) |
plug-ins/file-fli/fli.c |
50 35 + 15 - 0 ! |
bug 739133 - (cve-2017-17785) heap overflow while parsing fli files. |
790783 buffer overread in XCF parser if version fiel.patch | (download) |
app/xcf/xcf.c |
3 2 + 1 - 0 ! |
790783 - buffer overread in xcf parser if version field... |