-
gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium
[ Luís Infante da Câmara ]
* SECURITY UPDATE: Buffer overflow leading to insufficient memory or
program crash via a crafted XCF file (LP: #1982422)
- debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
the next property when xcf_old_path fails.
- CVE-2022-30067
* SECURITY UPDATE: Denial of service via a crafted XCF file
(LP: #1982422)
- debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
loading XCF files.
- debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
loading XCF files.
- debian/patches/CVE-2022-32990-3.patch: Return TRUE in
gimp_channel_is_empty when channel is NULL.
- CVE-2022-32990
[ Marc Deslauriers ]
* SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44441-1.patch: verify header information in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-2.patch: fix checks in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-3.patch: add additional fixes in
plug-ins/file-dds/ddsread.c.
- CVE-2023-44441
* SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44442.patch: add missing break statement in
plug-ins/file-psd/psd-util.c.
- CVE-2023-44442
* SECURITY UPDATE: PSP File Parsing Off-By-One
- debian/patches/CVE-2023-44444.patch: fix buffer size in
plug-ins/common/file-psp.c.
- CVE-2023-44444
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 07:38:10 -0500
-
gimp (2.10.18-1) unstable; urgency=medium
* New upstream release (Closes: #954143)
* Bump minimum libbabl-dev to 0.1.74 & libgegl-dev to 0.4.22
* Bump minimum libmypaint-dev to 1.14
* Disable automatic update checking since the distro handles that
* debian/libgimp2.0.symbols: Add new symbols
* Drop the 3 backported patches applied in the new release
-- Jeremy Bicha <email address hidden> Sun, 29 Mar 2020 01:27:45 -0400
-
gimp (2.10.14-3) unstable; urgency=medium
* Team upload
* d/p/Don-t-crash-when-a-plugin-defines-an-invalid-property-nam.patch:
Apply patch from upstream 2.10.16 release. If a plugin defines an
invalid property name, don't use that plugin instead of crashing.
(Closes: #953880, #953854, #953794, LP: #1857254)
* d/p/Fix-invalid-property-name-in-pagecurl-plugin.patch:
Apply patch from upstream 2.10.16 release to fix an invalid property
name in the pagecurl plugin. GLib 2.64 validates property names
in line with rules that were previously only in the documentation.
-- Simon McVittie <email address hidden> Tue, 17 Mar 2020 12:01:32 +0000
-
gimp (2.10.14-2ubuntu1) focal; urgency=medium
* Add a couple of upstream bug fixes: (LP: #1857254)
- upstream_fix_segfault_glib_paramspec.diff
- upstream_fix_segfault_glib_paramspec2.diff
-- José Manuel Santamaría Lema <email address hidden> Thu, 26 Dec 2019 11:55:38 +0100
-
gimp (2.10.14-2build1) focal; urgency=medium
* No-change rebuild against libilmbase24 and libopenexr24.
-- Rik Mills <email address hidden> Mon, 02 Dec 2019 07:08:24 +0000
-
gimp (2.10.14-2) unstable; urgency=medium
* d/p/Add-missing-lm-to-file-psd-plug-in.patch: Cherry pick FTBFS fix for
armhf
* rules: Explicitly disable the xvfb tests. They were implicitly disabled
before by the lack of a BD, let's make it consistent.
-- Iain Lane <email address hidden> Thu, 21 Nov 2019 17:54:45 +0000
-
gimp (2.10.14-1) unstable; urgency=medium
* New upstream release (Closes: #923291, #943731)
* Bump minimum libbabl-dev to 0.1.72), libgegl-dev to 0.48
& libheif-dev to 1.3.2
* debian/gimp.install: Update
* debian/libgimp2.0.symbols: Update
-- Jeremy Bicha <email address hidden> Sat, 09 Nov 2019 20:33:53 -0500
-
gimp (2.10.12-1) unstable; urgency=medium
* New upstream release
* Drop gimp-python because it depends on pygtk and Python2
(Closes: #885289, #936611)
* Bump minimum babl to 0.1.66 and gegl to 0.4.16
* debian/libgimp2.0.symbols: Add new symbols
* Build-Depend on debhelper-compat 12 and drop debian/compat
* Build-Depend on dh-sequence-gnome instead of gnome-pkg-tools
-- Jeremy Bicha <email address hidden> Sun, 27 Oct 2019 09:39:34 -0400
-
gimp (2.10.8-2) unstable; urgency=medium
* Restore -Wl,-O1 to our LDFLAGS
* Bump Standards-Version to 4.3.0
-- Jeremy Bicha <email address hidden> Mon, 24 Dec 2018 09:17:02 -0500
