CVE-2012-3236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3236): fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. Looking at the upstream commit [1], the 2.6 branch also appears to be affected.
(In reply to comment #0) > CVE-2012-3236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3236): > fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of > service (NULL pointer dereference and application crash) via a malformed > XTENSION header of a .fit file, as demonstrated using a long string. > > > Looking at the upstream commit [1], the 2.6 branch also appears to be > affected. Sorry, copy/paste malfunction. [1] http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c
+*gimp-2.6.12-r5 (22 Sep 2012) + + 22 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r5.ebuild, + +files/gimp-2.6.12-CVE-2012-3236.patch: + Apply upstream patch for CVE-2012-3236 (bug #428708) +
Thanks, Sebastian. GLSA vote: no.
Thanks, folks. GLSA Vote: no too, closing noglsa.