-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 Dec 2017 22:11:46 +0100
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source
Version: 2.8.20-1.1
Distribution: unstable
Urgency: medium
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 860766 884836 884837 884862 884925 884927 885347
Description:
 gimp - GNU Image Manipulation Program
 gimp-data - Data files for GIMP
 gimp-dbg - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Changes:
 gimp (2.8.20-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Ari Pollak ]
   * Move gimp to Enhances on gimp-data instead of Recommends
     (Closes: #860766)
 .
   [ Salvatore Bonaccorso ]
   * Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
     (Closes: #884862)
   * plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
   * Heap buffer overflow in PSP importer (CVE-2017-17789)
     (Closes: #884837)
   * heap overread in gbr parser / load_image (CVE-2017-17784)
     (Closes: #884925)
   * heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
   * Heap overflow while parsing FLI files (CVE-2017-17785)
     (Closes: #884836)
   * buffer overread in XCF parser if version field has no null terminator
     (CVE-2017-17788) (Closes: #885347)
Checksums-Sha1:
 fb9dc7b4fe379899af2a76659aeeb26165e96c55 3290 gimp_2.8.20-1.1.dsc
 d30b2cb3910f33882da0d3c23306ff826a824b26 45196 gimp_2.8.20-1.1.debian.tar.xz
Checksums-Sha256:
 d14a68dbeeea7baa3167d12eca66590214c0893639a2291c0756cc482d9c8a09 3290 gimp_2.8.20-1.1.dsc
 eb28be08d4b8f25d8f6c1532aedc8ccad2ba21620ee35ddd31674d7f0f8ec8b0 45196 gimp_2.8.20-1.1.debian.tar.xz
Files:
 9a3f297cc9ccdb1f3a834394e3ba4874 3290 graphics optional gimp_2.8.20-1.1.dsc
 0843fcdc38025a0d7ee6754d75311229 45196 graphics optional gimp_2.8.20-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----