Summary: | <media-gfx/gimp-2.8.0: scriptfu network server: Arbitrary code execution (CVE-2012-4245) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | hanno, sping |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B1 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2012-09-10 13:01:28 UTC
It looks like Gimp 2.8.6 is affected too. I have just voiced that impression in a reply on the oss-security mailing list:
http://thread.gmane.org/gmane.comp.security.oss.general/8173/focus=11115

What I have in mind for further mitigation would be for upstream, not downstream to do. For details, please check this upstream bug report:
https://bugzilla.gnome.org/show_bug.cgi?id=708098

If there is anything we should do downstream, please let me know.

CVE is resolved as of gimp-2.8.0:
https://bugzilla.gnome.org/show_bug.cgi?id=708098

Commit message:
https://git.gnome.org/browse/gimp/commit/?id=3b72ad8939c3a1463492d102dfe457e5fef68d04

All vulnerable ebuilds are cleared in the tree already.

GLSA Draft: 20c35ef34

This issue was resolved and addressed in GLSA 201603-01 at https://security.gentoo.org/glsa/201603-01 by GLSA coordinator Kristian Fiskerstrand (K_F).