Multiple integer overflows in the load_image function in file-pcx.c in the
Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted PCX image that triggers a
heap-based buffer overflow.
Looking into this, it seems that this is a rather old issue that has been fixed in 2009, just the public disclosure of the bug happened recently.
The git commit you link is from 2009 and already applied on 2.6.11. So no need to act imho. Anyone disagrees?
Agreed. I manually checked the 2.6.11 source and it contains the fix. I do not however see a GLSA for this; added to existing request.
This issue was resolved and addressed in
GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml
by GLSA coordinator Sean Amoss (ackle).