| Summary: | gimp missing security update for CVE-2010-454[0-3] and CVE-2011-1782 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | dmorganec, geiger.david68210, n54, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | gimp-2.6.11-7.mga1.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2012-01-01 21:44:04 CET

Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)

Keywords: (none) => Triaged

http://svnweb.mageia.org/packages?view=revision&revision=189705

Already in SVN http://svnweb.mageia.org/packages/updates/1/gimp/current/SOURCES/gimp-2.6.11-psp-overflow.patch?view=markup&pathrev=189705 and submitted to BS.

CC: (none) => n54

D Morgan
2012-01-03 00:03:34 CET

CC: (none) => dmorganec

Works for me on i586.

Tested complete the update srpm gimp-2.6.11-7.1.mga1.src.rpm on Mageia release 1 (Official) for x86_64, works for me too. Nothing to report.

CC: (none) => geiger.david68210

Validating

Advisory:
========================
Updated gimp packages fix security vulnerabilities:

Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4540).

Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4541).

Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself (CVE-2010-4542).

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image (CVE-2010-4543, CVE-2011-1782).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1782
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2011:103
========================
Updated packages in core/updates_testing:
========================
gimp-2.6.11-7.1.mga1
gimp-python-2.6.11-7.1.mga1
libgimp2.0-devel-2.6.11-7.1.mga1
libgimp2.0_0-2.6.11-7.1.mga1

from gimp-2.6.11-7.1.mga1.src.rpm
========================

Could sysadmin please push from core/updates_testing to core/updates

Thank you!

Keywords: Triaged => validated_update

update pushed.

Status: NEW => RESOLVED
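
The PSP_COMP_RLE overflow described in the advisory above (a long run count that begins at the end of the image) is the kind of defect that arises when a decoder does not compare each run length with the space left in the output buffer. The following C sketch is an added example, not part of this bug report and not GIMP's file-psp.c; the function name `rle_decode_checked`, the status codes, the count-byte encoding and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not GIMP code. Assumed encoding (not stated in the report):
 * a count byte c; c > 128 means "repeat the next byte c-128 times",
 * otherwise "copy the next c bytes literally". */
enum rle_status { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_OVERRUN = -2 };

/* Decode exactly out_len bytes from in[0..in_len) into out.
 * Every run is checked against the space left in out before writing. */
int rle_decode_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_len)
{
    size_t ip = 0, op = 0;

    while (op < out_len) {
        if (ip >= in_len)
            return RLE_TRUNCATED;          /* input ended before image was full */
        size_t count = in[ip++];
        if (count > 128) {                 /* repeated-byte run */
            count -= 128;
            if (ip >= in_len)
                return RLE_TRUNCATED;
            if (count > out_len - op)      /* run began too close to the end */
                return RLE_OVERRUN;
            memset(out + op, in[ip++], count);
        } else {                           /* literal run */
            if (count > in_len - ip)
                return RLE_TRUNCATED;
            if (count > out_len - op)
                return RLE_OVERRUN;
            memcpy(out + op, in + ip, count);
            ip += count;
        }
        op += count;
    }
    return RLE_OK;
}

int main(void)
{
    /* Constructed sample: 6 bytes filled, then a 127-byte run with 2 bytes left. */
    const uint8_t bad[] = { 0x86, 0xAA, 0xFF, 0xBB };
    uint8_t out[8];
    return rle_decode_checked(bad, sizeof bad, out, sizeof out) == RLE_OVERRUN ? 0 : 1;
}
```

Rejecting the stream on an oversized run, rather than clamping the run, also surfaces malformed files to the caller so they can be logged or quarantined.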