From http://www.openwall.com/lists/oss-security/2012/11/21/2 : Name: Gimp memory corruption vulnerability Software: GIMP 2.8.2 Software link: http://www.gimp.org/ <http://plib.sourceforge.net/> Vulnerability Type: Memory Corruption Description: GIMP 2.8.2 is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Upstream fix: http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1 (fixed in master and gimp-2-8) References: https://bugzilla.gnome.org/show_bug.cgi?id=687392
+*gimp-2.8.2-r1 (25 Nov 2012) + + 25 Nov 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.8.2-r1.ebuild, + +files/gimp-2.8.2-xwd-file-security.patch: + Apply upstream security patch on reading XWD files (bug #444280) +
CVE-2012-5576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5576): Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
Thanks, Sebastian. Is 2.6.12 affected? And should we begin stabilization of 2.8.2-r1?
Arches, please test and stabilize: =media-gfx/gimp-2.8.2 Target arches: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Added to existing GLSA draft
This issue was resolved and addressed in GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml by GLSA coordinator Sean Amoss (ackle).