CVE-2012-3403 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3403): Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
Patches are available at $URL. Please prepare an updated ebuild.
CVE-2012-3481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3481): Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Patches for the latter issue are available at https://bugzilla.redhat.com/show_bug.cgi?id=847303#c5
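The sizing bug behind CVE-2012-3481, as an added illustrative model rather than GIMP's actual file-gif-load.c or either of the patches linked in this bug: a frame loader that multiplies the crafted height and len (and bytes per pixel) in 32-bit arithmetic can wrap to a tiny allocation, after which the row loop writes the true, much larger pixel count into the heap. The function names, the 16-bit dimension assumption and the INT32_MAX ceiling are assumptions of this example, not facts about GIMP.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a GIF-style frame loader's buffer sizing.
 * Example code, not GIMP's file-gif-load.c. Input values below are
 * constructed for illustration. */

/* Unchecked: 32-bit product, the kind of arithmetic that silently wraps.
 * With len = height = 32768 and 4 bytes/pixel the true size is 2^32,
 * which wraps to 0, so the loader would allocate a zero-length buffer. */
uint32_t frame_bytes_unchecked(uint32_t len, uint32_t height, uint32_t bpp)
{
    return len * height * bpp;
}

/* Checked: widen to 64 bits before multiplying, reject nonsense inputs,
 * and refuse anything larger than what an int-sized allocator can take
 * (INT32_MAX is an assumed ceiling for this example). Returns 1 and the
 * byte count on success, 0 if the frame must be rejected. */
int frame_bytes_checked(uint32_t len, uint32_t height, uint32_t bpp, uint64_t *out)
{
    if (len == 0 || height == 0 || len > 0xFFFF || height > 0xFFFF)
        return 0;                       /* assumption: 16-bit GIF dimensions */
    if (bpp != 3 && bpp != 4)
        return 0;                       /* RGB or RGBA only in this model */
    uint64_t bytes = (uint64_t)len * height * bpp;   /* cannot wrap in 64 bits */
    if (bytes > (uint64_t)INT32_MAX)
        return 0;
    *out = bytes;
    return 1;
}

/* Given the buffer size a loader actually allocated, report whether the
 * subsequent len*height*bpp pixel write would run past it. This is the
 * condition that turns the wrapped size into a heap overflow. */
int write_would_overflow(uint32_t len, uint32_t height, uint32_t bpp, uint64_t allocated)
{
    uint64_t needed = (uint64_t)len * height * bpp;
    return needed > allocated;
}

int main(void)
{
    uint64_t ok_bytes = 0;
    uint32_t bad = frame_bytes_unchecked(32768, 32768, 4);
    printf("unchecked size for 32768x32768x4: %u bytes (true size 4294967296)\n", bad);
    printf("would the write overflow that buffer? %d\n",
           write_would_overflow(32768, 32768, 4, bad));
    printf("checked sizing accepts it? %d\n",
           frame_bytes_checked(32768, 32768, 4, &ok_bytes));
    printf("checked sizing for 640x480x3: %d, %llu bytes\n",
           frame_bytes_checked(640, 480, 3, &ok_bytes),
           (unsigned long long)ok_bytes);
    return 0;
}
```

The point for review of either patch is the same: the multiplication must be done in a width that cannot wrap (or guarded with a division-based check before multiplying), and the result must be compared against an explicit ceiling before it is handed to the allocator.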
+*gimp-2.6.12-r3 (14 Sep 2012) + + 14 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r3.ebuild, + +files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch, + +files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch: + Add patches for CVE-2012-3481 to 2.6.12 (bug #434580), 2.8.2 is patched by + upstream already + Up next: - Check patches for CVE-2012-3403 - Stabilize 2.6.12-r3 ebuild
+*gimp-2.6.12-r4 (15 Sep 2012) + + 15 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.12-r3.ebuild, + +gimp-2.6.12-r4.ebuild, +files/gimp-2.6.12-CVE-2012-3403.patch, + +files/gimp-2.6.12-CVE-2012-3481.patch, + -files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch, + -files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch: + Apply patch for CVE-2012-3403 and single-file patch for CVE-2012-3481 (both + from Fedora, Gentoo bug #434580) + Up next: - Stabilize 2.6.12-r4 ebuild
Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a fix for bug 428708? We would then be able to handle both bugs with 1 stabilization.
(In reply to comment #6) > Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a > fix for bug 428708? We would then be able to handle both bugs with 1 > stabilization. I missed bug #428708 previously. Thanks for bringing it to my attention. A patch for that one is applied in 2.6.12-r5 now. It would be great if the last arch to stable 2.6.12-r5 could remove 2.6.12-r2 and 2.6.12-r4 from the tree (or remind me to do it). Thank you!
(In reply to comment #7) > > I missed bug #428708 previously. Thanks for bringing it to my attention. A > patch for that one is applied in 2.6.12-r5 now. > Great, thank you. Arches, please test and mark stable: =media-gfx/gimp-2.6.12-r5 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64: all fine.
amd64 stable
Stable for HPPA.
x86 done.
ppc64 stable
stable ppc
alpha/ia64/sparc stable
Thanks, everyone. Filing a new GLSA request.
This issue was resolved and addressed in GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml by GLSA coordinator Sean Amoss (ackle).