Description of problem:
"We are releasing GIMP 2.8.18 to fix a vulnerability in the XCF loading code (CVE-2016-4994). With special XCF files, GIMP can be caused to crash, and possibly be made to execute arbitrary code provided by the attacker."
Fortunately we already fixed this security problem. Perhaps an updated to 2.8.18 could be considered for Cauldron. I'll leave that up to Shlomi.
*** This bug has been marked as a duplicate of bug 18804 ***