Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 586666 (CVE-2016-4994) - <media-gfx/gimp-2.8.14-r2: Use-after-free vulnerabilities in the channel and layer properties parsing process (CVE-2016-4994)
Summary: <media-gfx/gimp-2.8.14-r2: Use-after-free vulnerabilities in the channel and ...
Status: RESOLVED FIXED
Alias: CVE-2016-4994
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-22 06:59 UTC by Agostino Sarubbo
Modified: 2016-09-20 09:01 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-06-22 06:59:59 UTC 
From ${URL} :

Multiple use-after-free vulnerabilities were found in the channel and layer properties parsing 
process when loading XCF file. Attacker may craft XCF file in order to gain control over objects 
that got previously freed and contains pointers to virtual functions that get executed.

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=767873


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sebastian Pipping gentoo-dev 2016-06-22 20:18:26 UTC 
https://github.com/gentoo/gentoo/commit/331ebdd3de4437b493d0e4e12fa8b97fa976f5a4


# git show --stat | sed 's,@gentoo.org,@g.o,'
commit 331ebdd3de4437b493d0e4e12fa8b97fa976f5a4
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Jun 22 22:12:30 2016 +0200

    media-gfx/gimp: CVE-2016-4994 (bug #586666)
    
    Package-Manager: portage-2.2.28

 .../gimp/files/gimp-2.9.2-CVE-2016-4994.patch      |  88 +++++++++++
 media-gfx/gimp/gimp-2.8.14-r2.ebuild               | 171 +++++++++++++++++++++
 media-gfx/gimp/gimp-2.8.16-r1.ebuild               | 171 +++++++++++++++++++++
 media-gfx/gimp/gimp-2.9.2-r1.ebuild                | 168 ++++++++++++++++++++
 4 files changed, 598 insertions(+)


No objections to stabilizing 2.8.14-r2 from my side.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2016-06-23 03:57:14 UTC 
Arches, please test and mark stable:

=media-gfx/gimp-2.8.14-r2

Target Keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Thank you!
Comment 3 Agostino Sarubbo gentoo-dev 2016-06-27 08:24:56 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-06-27 08:52:05 UTC 
x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2016-06-30 12:21:28 UTC 
Stable on alpha.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-02 11:09:12 UTC 
Stable for HPPA.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-03 10:02:39 UTC 
Stable for PPC64.
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 08:00:21 UTC 
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 10:08:37 UTC 
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 12:07:58 UTC 
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 11 Sebastian Pipping gentoo-dev 2016-07-08 12:46:38 UTC 
(In reply to Agostino Sarubbo from comment #10)
> Maintainer(s), please cleanup.

commit 95a37a2c4f74f3874a4596fbe385622bf9c5b83b
Author: Sebastian Pipping <sping@g.o>
Date:   Fri Jul 8 14:43:21 2016 +0200

    media-gfx/gimp: Remove insecure (bug #586666)
    
    Package-Manager: portage-2.2.28

 media-gfx/gimp/Manifest              |   1 -
 media-gfx/gimp/gimp-2.8.10-r1.ebuild | 165 ----------------------------------
 media-gfx/gimp/gimp-2.8.10-r2.ebuild | 168 ----------------------------------
 media-gfx/gimp/gimp-2.8.14-r1.ebuild | 169 -----------------------------------
 media-gfx/gimp/gimp-2.8.14.ebuild    | 164 ---------------------------------
 5 files changed, 667 deletions(-)

https://github.com/gentoo/gentoo/commit/95a37a2c4f74f3874a4596fbe385622bf9c5b83b
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-07-09 01:23:44 UTC 
GLSA Vote: No
Comment 13 Alex Legler (RETIRED) archtester gentoo-dev Security 2016-09-20 09:01:00 UTC 
*** Bug 594486 has been marked as a duplicate of this bug. ***