Bug 186657 - media-gfx/gimp: 2.2.16 regression after PSD security fix
Bug#: 186657 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: enhancement Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: falco@gentoo.org
Component: Vulnerabilities
URL:  http://bugzilla.gnome.org/show_bug.cgi?id=456042
Summary: media-gfx/gimp: 2.2.16 regression after PSD security fix
Keywords:  
Status Whiteboard: [] jaervosz
Opened: 2007-07-26 08:15 0000
Description:   Opened: 2007-07-26 08:15 0000 
Hi,

i wish to make a call for marking gimp-2.2.17 stable because of a regression
introduced by the PSD fix (see security bug 182047 and GLSA 200707-09) (crash
and division by zero in some PSD files, no security risk).

------- Comment #1 From Raphael Marichez 2007-07-31 15:10:04 0000 ------- 
ping Hanno?

------- Comment #2 From Hanno Boeck 2007-07-31 19:03:48 0000 ------- 
Arches, please stabilize.

------- Comment #3 From Jeroen Roovers 2007-07-31 19:39:12 0000 ------- 
Stable for HPPA:
   media-gfx/gimp-2.2.17

------- Comment #4 From Raphael Marichez 2007-07-31 20:39:39 0000 ------- 
thanks Hanno

------- Comment #5 From Gustavo Zacarias (RETIRED) 2007-07-31 21:37:39 0000 ------- 
sparc stable.

------- Comment #6 From Raúl Porcel 2007-08-01 13:12:03 0000 ------- 
alpha/ia64/x86 stable

------- Comment #7 From Markus Rothe 2007-08-01 19:45:59 0000 ------- 
ppc64 stable

------- Comment #8 From Tobias Scherbaum 2007-08-01 20:42:11 0000 ------- 
ppc stable

------- Comment #9 From Sune Kloppenborg Jeppesen 2007-08-14 10:01:57 0000 ------- 
Reassigning to security since it's a regression in a security bump.

------- Comment #10 From Christoph Mende 2007-08-15 14:49:22 0000 ------- 
amd64 stable

------- Comment #11 From Hanno Boeck 2007-08-15 16:06:48 0000 ------- 
security, wanna update the glsa? (to suggest 2.2.17 and also 2.3.19 for ~ and
mips-users)

------- Comment #12 From Sune Kloppenborg Jeppesen 2007-08-15 17:27:18 0000 ------- 
I'll update once I return home from my extended weekend trip if noone has done
it sooner.

------- Comment #13 From Hanno Boeck 2007-09-04 20:36:28 0000 ------- 
security?

------- Comment #14 From Sune Kloppenborg Jeppesen 2007-09-08 15:31:16 0000 ------- 
Hanno sorry for the delay. After taking a closer look at it I don't think we
need to update the GLSA. All users following the instructions in the GLSA
should be safe security wise. Feel free to reopen if there is something I have
overlooked.