RedHat has issued an advisory on December 3:
https://rhn.redhat.com/errata/RHSA-2013-1778.html

We already fixed CVE-2012-5576 in Bug 8326.

Patched packages for the other CVEs uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated gimp packages fix security vulnerabilities:

An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2013-1913, CVE-2013-1978).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978
https://rhn.redhat.com/errata/RHSA-2013-1778.html
========================

Updated packages in core/updates_testing:
========================
gimp-2.8.2-3.1.mga3
libgimp2.0-devel-2.8.2-3.1.mga3
libgimp2.0_0-2.8.2-3.1.mga3
gimp-python-2.8.2-3.1.mga3

from gimp-2.8.2-3.1.mga3.src.rpm
Advisory 11873.adv committed to svn. No PoC provided in the bug report, so just need to confirm the updated version runs without any obvious regressions.
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
Testing complete on Mageia 3 i586 and x86_64. Validating the update. Someone from the sysadmin team please push 11873.adv to updates.
Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0365.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED