
Bug 434580 (CVE-2012-3403)

Summary: <media-gfx/gimp-2.6.12-r5: CEL and GIF plug-ins: Heap-based buffer overflows (CVE-2012-{3403,3481})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hanno, sping
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2012/08/20/7
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 428708

Description GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 12:43:03 UTC
CVE-2012-3403 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3403):
  Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x
  and earlier allows remote attackers to cause a denial of service and
  possibly execute arbitrary code via a crafted KiSS palette file, which
  triggers an "invalid free."
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2012-09-10 12:44:13 UTC
Patches are available at $URL. Please prepare an updated ebuild.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 12:54:19 UTC
CVE-2012-3481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3481):
  Integer overflow in the ReadImage function in
  plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP
  2.8.x and earlier allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via crafted height
  and len properties in a GIF image file, which triggers a heap-based buffer
  overflow.  NOTE: some of these details are obtained from third party
  information.
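The overflow pattern the CVE-2012-3481 text describes, as a constructed C illustration added here (not GIMP's ReadImage code and not the Fedora patches): the unchecked product of two file-controlled dimensions beside a checked version that limits both dimensions before allocating. The 16-bit dimension limit is an assumption for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed limit for this illustration (GIF stores dimensions in 16 bits). */
#define MAX_GIF_DIM 65535u

/* Pattern the advisory describes: the product of two attacker-controlled
 * dimensions is computed in a 32-bit type, so it can wrap to a small value,
 * and the buffer allocated from it is later overrun. Shown for comparison. */
uint32_t unchecked_image_bytes(uint32_t len, uint32_t height) {
    return len * height;   /* wraps modulo 2^32 for large inputs */
}

/* Hardened version: reject dimensions outside the format's range first,
 * then compute the product in 64 bits and confirm it fits a size_t.
 * Returns 0 and stores the byte count on success, -1 on rejection. */
int checked_image_bytes(uint64_t len, uint64_t height, size_t *out) {
    if (len == 0 || height == 0 || len > MAX_GIF_DIM || height > MAX_GIF_DIM)
        return -1;
    uint64_t bytes = len * height;          /* at most 65535^2, cannot wrap */
    if (bytes > (uint64_t)SIZE_MAX)         /* only reachable on 32-bit hosts */
        return -1;
    *out = (size_t)bytes;
    return 0;
}

/* Allocate the decode buffer only when the size check passes; NULL otherwise. */
unsigned char *alloc_image_buffer(uint64_t len, uint64_t height) {
    size_t bytes;
    if (checked_image_bytes(len, height, &bytes) != 0)
        return NULL;
    return calloc(bytes, 1);
}
```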
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2012-09-10 12:56:09 UTC
Patches for the latter issue are available at
https://bugzilla.redhat.com/show_bug.cgi?id=847303#c5
Comment 4 Sebastian Pipping gentoo-dev 2012-09-14 22:46:57 UTC
+*gimp-2.6.12-r3 (14 Sep 2012)
+
+  14 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r3.ebuild,
+  +files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch,
+  +files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch:
+  Add patches for CVE-2012-3481 to 2.6.12 (bug #434580), 2.8.2 is patched by
+  upstream already
+

Up next:
- Check patches for CVE-2012-3403
- Stabilize 2.6.12-r3 ebuild
Comment 5 Sebastian Pipping gentoo-dev 2012-09-15 01:37:42 UTC
+*gimp-2.6.12-r4 (15 Sep 2012)
+
+  15 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.12-r3.ebuild,
+  +gimp-2.6.12-r4.ebuild, +files/gimp-2.6.12-CVE-2012-3403.patch,
+  +files/gimp-2.6.12-CVE-2012-3481.patch,
+  -files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch,
+  -files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch:
+  Apply patch for CVE-2012-3403 and single-file patch for CVE-2012-3481 (both
+  from Fedora, Gentoo bug #434580)
+

Up next:
- Stabilize 2.6.12-r4 ebuild
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-20 13:09:36 UTC
Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a fix for bug 428708? We would then be able to handle both bugs with 1 stabilization.
Comment 7 Sebastian Pipping gentoo-dev 2012-09-22 21:47:25 UTC
(In reply to comment #6)
> Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a
> fix for bug 428708? We would then be able to handle both bugs with 1
> stabilization.

I missed bug #428708 previously.  Thanks for bringing it to my attention.  A patch for that one is applied in 2.6.12-r5 now.

It would be great if the last arch to stable 2.6.12-r5 could remove 2.6.12-r2 and 2.6.12-r4 from the tree (or remind me to do it).  Thank you!
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-09-22 23:16:50 UTC
(In reply to comment #7)
> 
> I missed bug #428708 previously.  Thanks for bringing it to my attention.  A
> patch for that one is applied in 2.6.12-r5 now.
> 

Great, thank you.

Arches, please test and mark stable:
=media-gfx/gimp-2.6.12-r5
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 9 Vicente Olivert Riera (RETIRED) gentoo-dev 2012-09-23 11:02:08 UTC
amd64: all fine.
Comment 10 Richard Freeman gentoo-dev 2012-09-23 11:25:13 UTC
amd64 stable
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2012-09-24 01:23:02 UTC
Stable for HPPA.
Comment 12 Andreas Schürch gentoo-dev 2012-09-24 11:36:04 UTC
x86 done.
Comment 13 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-28 17:01:34 UTC
ppc64 stable
Comment 14 Anthony Basile gentoo-dev 2012-09-29 04:56:20 UTC
stable ppc
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2012-09-29 16:10:03 UTC
alpha/ia64/sparc stable
Comment 16 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-30 02:48:16 UTC
Thanks, everyone.

Filing a new GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-11-10 15:14:20 UTC
This issue was resolved and addressed in
 GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml
by GLSA coordinator Sean Amoss (ackle).