Summary: | <media-gfx/gimp-2.8.2-r1: memory corruption vulnerability (CVE-2012-5576) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | sping |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | B2 [glsa] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 481736 | |
Bug Blocks: | | |

Description
Agostino Sarubbo
2012-11-22 10:26:19 UTC
+*gimp-2.8.2-r1 (25 Nov 2012) + + 25 Nov 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.8.2-r1.ebuild, + +files/gimp-2.8.2-xwd-file-security.patch: + Apply upstream security patch on reading XWD files (bug #444280) +

CVE-2012-5576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5576): Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.

Thanks, Sebastian. Is 2.6.12 affected? And should we begin stabilization of 2.8.2-r1?

Arches, please test and stabilize: =media-gfx/gimp-2.8.2 Target arches: alpha amd64 hppa ia64 ppc ppc64 sparc x86

Added to existing GLSA draft

This issue was resolved and addressed in GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml by GLSA coordinator Sean Amoss (ackle).