Debian-LTS has issued an advisory on June 25:
http://lwn.net/Alerts/692816/

Upstream has made a commit to the 2.8 branch to fix the issue, as mentioned on the upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=767873

Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
I submitted gimp-2.8.16-rel2 to Cauldron for fixing that - http://pkgsubmit.mageia.org/. It includes the patch from the repository. After some testing, I will also build an mga v5 package.
Packages built:
gimp-2.8.14-4.1.mga5
libgimp2.0-devel-2.8.14-4.1.mga5
libgimp2.0_0-2.8.14-4.1.mga5
gimp-python-2.8.14-4.1.mga5

from gimp-2.8.14-4.1.mga5.src.rpm

Please assign to QA when it's ready for testing.
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Assigning to QA as it's ready for testing. I don't know if there's a test procedure anywhere.
Status: NEW => ASSIGNED
Assignee: shlomif => qa-bugs
PoC file is attached to the GNOME bug.

Advisory:
========================

Updated gimp packages fix security vulnerability:

It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in GIMP (CVE-2016-4994).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
https://bugzilla.gnome.org/show_bug.cgi?id=767873
http://lwn.net/Alerts/692816/
========================

Updated packages in core/updates_testing:
========================
gimp-2.8.14-4.1.mga5
libgimp2.0-devel-2.8.14-4.1.mga5
libgimp2.0_0-2.8.14-4.1.mga5
gimp-python-2.8.14-4.1.mga5

from gimp-2.8.14-4.1.mga5.src.rpm
Whiteboard: (none) => has_procedure
Mageia 5 i586, GIMP opens the PoC file just fine.
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Thanks David for the 32-bit test.

Testing M5 x64

Using the test file https://bugzilla.gnome.org/attachment.cgi?id=330079
and command to try it in https://bugzilla.gnome.org/show_bug.cgi?id=767873

BEFORE the update:
gimp-2.8.14-4.mga5
lib64gimp2.0_0-2.8.14-4.mga5

$ gimp Gimp_UaF.xcf
(gimp:20510): Gimp-Core-CRITICAL **: gimp_image_set_active_layer: assertion 'layer == NULL || GIMP_IS_LAYER (layer)' failed

AFTER the update:
gimp-2.8.14-4.1.mga5
lib64gimp2.0_0-2.8.14-4.1.mga5

$ gimp Gimp_UaF.xcf
[NO failure message]

OK'ing & validating the update.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
CC: (none) => lewyssmith, sysadmin-bugs
CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0241.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
*** Bug 18945 has been marked as a duplicate of this bug. ***
CC: (none) => linux