From ${URL} :

Two gimp xwd plugin issues were made public yesterday. The following bugs should have all relevant links:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1978
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1913

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2013-1978 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1978):
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

CVE-2013-1913 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1913):
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
This is fixed upstream in

file-xwd: sanity check colormap size (CVE-2013-1913)
https://git.gnome.org/browse/gimp/commit/?id=32ae0f83e5748299641cceaabe3f80f1b3afd03e

and

file-xwd: sanity check # of colors and map entries (CVE-2013-1978)
https://git.gnome.org/browse/gimp/commit/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4

Part of 2.8.12. Following that 2.8.14 has been released due to a usability issue.

@maintainers: please bump version
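The two sanity checks named in the commit titles above, sketched as an added example (this is not GIMP's patch and not code from this bug). Field positions follow the 25-word big-endian XWD version 7 header; the function name, status codes and the 256-entry cap are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define XWD_HDR_WORDS   25   /* XWD v7 header: 25 big-endian 32-bit fields */
#define XWD_IDX_MAPENT  18   /* colormap_entries */
#define XWD_IDX_NCOLORS 19   /* ncolors */
#define XWD_MAX_MAPENT  256u /* cap assumed for this example */
#define XWD_COLOR_SIZE  12u  /* size of one on-disk colour record */

enum xwd_status { XWD_OK = 0, XWD_SHORT, XWD_BAD_MAPENT, XWD_BAD_NCOLORS, XWD_NOMEM };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate both counts from the header before any allocation or read loop.
 * On success *colormap is a zeroed buffer sized from colormap_entries and
 * *ncolors is the number of records the caller may read into it. */
enum xwd_status xwd_check_colormap(const unsigned char *hdr, size_t len,
                                   unsigned char **colormap, uint32_t *ncolors)
{
    uint32_t mapent, ncol;

    *colormap = NULL;
    *ncolors = 0;
    if (len < XWD_HDR_WORDS * 4)
        return XWD_SHORT;
    mapent = be32(hdr + 4 * XWD_IDX_MAPENT);
    ncol = be32(hdr + 4 * XWD_IDX_NCOLORS);

    /* Colormap size check: a large count multiplied by the record size
     * can wrap the allocation size, so bound it first. */
    if (mapent > XWD_MAX_MAPENT)
        return XWD_BAD_MAPENT;
    /* Colour count check: never read more records than the map holds. */
    if (ncol > mapent)
        return XWD_BAD_NCOLORS;
    if (mapent == 0)
        return XWD_OK;  /* no colormap to load */

    *colormap = calloc(mapent, XWD_COLOR_SIZE);  /* calloc checks the multiply */
    if (*colormap == NULL)
        return XWD_NOMEM;
    *ncolors = ncol;
    return XWD_OK;
}
```

The caller frees `*colormap`; any non-`XWD_OK` status means the file is rejected before a single colour record is read.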
(In reply to Kristian Fiskerstrand from comment #2)
> Part of 2.8.12. Following that 2.8.14 has been released due to a usability
> issue.
>
> @maintainers: please bump version

Confirming both commits to be included in 2.8.14, with different SHA1s though:

file-xwd: sanity check colormap size (CVE-2013-1913)
# git tag --contains 7f2322e4ced8ba393abc5a0aa15a607f340f0db8
GIMP_2_8_12
GIMP_2_8_14

file-xwd: sanity check # of colors and map entries (CVE-2013-1978)
# git tag --contains 0ffb3b6753aad00512349bba31bf5113054c6a0e
GIMP_2_8_12
GIMP_2_8_14
+*gimp-2.8.10-r2 (06 Sep 2014) + + 06 Sep 2014; Sebastian Pipping <sping@gentoo.org> gimp-2.8.10-r1.ebuild, + +gimp-2.8.10-r2.ebuild, +files/gimp-2.8.10-CVE-2013-1913.patch, + +files/gimp-2.8.10-CVE-2013-1978.patch, +files/gimp-2.8.10-freetype251.patch: + Add patches for CVE-2013-{1913,1978} to 2.8.10-r2 (bug #493372, 2.8.14 has + them already); inline gimp-2.8.10-freetype251.patch (checksum changed) I would like to propose removal of 2.8.6 and 2.8.8-r1. Those may also be affected and need inspection and we have newer version 2.8.10-r1 (and soon -r2) marked stable, already. Any objections?
Are we ready to call for stable 2.8.14 or 2.8.10-r2? The 30 day wait is almost up (1 more day).
2.8.14-r1 and 2.8.10-r2 are stable.
All vulnerable versions purged. Added to GLSA 20c35ef34.
This issue was resolved and addressed in GLSA 201603-01 at https://security.gentoo.org/glsa/201603-01 by GLSA coordinator Kristian Fiskerstrand (K_F).