Change logs for gimp source package in Oneiric

  • gimp (2.6.11-2ubuntu4.2) oneiric-security; urgency=low
    
      * SECURITY UPDATE: code execution via malformed xwd files
        - debian/patches/CVE-2012-5576.patch: validate sizes in
          plug-ins/common/file-xwd.c.
        - CVE-2012-5576
     -- Marc Deslauriers <email address hidden>   Thu, 06 Dec 2012 13:33:56 -0500
  • gimp (2.6.11-2ubuntu4.1) oneiric-security; urgency=low
    
      * SECURITY UPDATE: denial of service via malformed .fit file header
        - debian/patches/CVE-2012-3236.patch: check for valid XTENSION header
          in plug-ins/file-fits/fits-io.c.
        - CVE-2012-3236
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted KiSS palette file
        - debian/patches/CVE-2012-3403.patch: validate return codes and header
          data in plug-ins/common/file-cel.c.
        - CVE-2012-3403
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted GIF image file
        - debian/patches/CVE-2012-3481.patch: validate sizes, and prevent
          overflows in plug-ins/common/file-gif-load.c.
        - CVE-2012-3481
     -- Marc Deslauriers <email address hidden>   Wed, 05 Sep 2012 13:42:45 -0400
  • gimp (2.6.11-2ubuntu4) oneiric; urgency=low
    
      * SECURITY UPDATE: possible arbitrary code execution via malformed GIF
        - debian/patches/09_CVE-2011-2896.patch: properly calculate lengths in
          plug-ins/common/file-gif-load.c.
        - CVE-2011-2896
     -- Marc Deslauriers <email address hidden>   Wed, 21 Sep 2011 09:59:51 -0400
  • gimp (2.6.11-2ubuntu3) oneiric; urgency=low
    
      * Convert to dh_python2 (LP: #847514)
        - update debian/control
        - update debian/rules
     -- Micah Gersten <email address hidden>   Sun, 11 Sep 2011 22:32:16 -0500
  • gimp (2.6.11-2ubuntu2) oneiric; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed PSP image file
        - debian/patches/08_CVE-2011-1782.patch: further fix buffer overflow in
          plug-ins/common/file-psp.c.
        - CVE-2011-1782
     -- Marc Deslauriers <email address hidden>   Wed, 08 Jun 2011 10:32:34 -0400
  • gimp (2.6.11-2ubuntu1) oneiric; urgency=low
    
      * Merge with Debian unstable, remaining changes:
        - debian/patches/02_help-message.patch,
          debian/patches/03_gimp.desktop.in.in.patch:
          + Update some strings for Ubuntu
        - debian/control:
          + Update description
          + Change build-depends from libwebkit-dev to libwebkitgtk-dev
        - debian/rules:
          + Set gettext domain and update translation templates
    
    gimp (2.6.11-2) unstable; urgency=high
    
      * Fix security issues when reading plugin configuration files and PSP files
        (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543)
        (Closes: #608497)
        - patches imported from Ubuntu
      * Drop libgimp2.0's recommendation on gimp (Closes: #600226)
      * Remove .la files, even from Python modules (Closes: #621230)
      * Remove HAL support (Closes: #613201)
      * 07_binutils-gold.patch:
        - Allow package to build with binutils-gold
     -- Iain Lane <email address hidden>   Tue, 03 May 2011 21:54:00 +0100
  • gimp (2.6.11-1ubuntu6) natty; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed plugin configuration files
        - debian/patches/05_CVE-2010-454x.patch: fix format strings in
          plug-ins/{common/sphere-designer,gfig/gfig-style,
          lighting/lighting-ui}.c.
        - CVE-2010-4540
        - CVE-2010-4541
        - CVE-2010-4542
      * SECURITY UPDATE: denial of service and possible code execution via
        malformed PSP image file
        - debian/patches/06_CVE-2010-4543.patch: fix buffer overflow in
          plug-ins/common/file-psp.c.
        - CVE-2010-4543
     -- Marc Deslauriers <email address hidden>   Thu, 07 Apr 2011 10:40:22 -0400