Format: 1.8
Date: Tue, 26 Dec 2017 22:39:04 +0100
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source
Version: 2.8.18-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 884836 884837 884862 884925 884927 885347
Description:
 gimp - GNU Image Manipulation Program
 gimp-data - Data files for GIMP
 gimp-dbg - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Changes:
 gimp (2.8.18-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
     (Closes: #884862)
   * plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
   * Heap buffer overflow in PSP importer (CVE-2017-17789)
     (Closes: #884837)
   * heap overread in gbr parser / load_image (CVE-2017-17784)
     (Closes: #884925)
   * heap overread in psp importer (CVE-2017-17787)
     (Closes: #884927)
   * Heap overflow while parsing FLI files (CVE-2017-17785)
     (Closes: #884836)
   * buffer overread in XCF parser if version field has no null terminator
     (CVE-2017-17788) (Closes: #885347)
Checksums-Sha1:
 b891cdf11b3e82778c09878a466629cdee781311 3310 gimp_2.8.18-1+deb9u1.dsc
 42434a0782c37803fbd184dbb9b648be887f4f40 20824198 gimp_2.8.18.orig.tar.bz2
 5867d94825695aa5c47fd3bd92dc233029d34102 45212 gimp_2.8.18-1+deb9u1.debian.tar.xz
Checksums-Sha256:
 19e837214c93d16b2c32c9d3c7760ed2a0e598c56ee3044bcc5af3e908a2f896 3310 gimp_2.8.18-1+deb9u1.dsc
 39dd2247c678deaf5cc664397d3c6bd4fb910d3472290fd54b52b441b5815441 20824198 gimp_2.8.18.orig.tar.bz2
 8bbf100f772506de22e5ce66a8d520f326065ad0690d818723ff75efe58d3972 45212 gimp_2.8.18-1+deb9u1.debian.tar.xz
Files:
 2fcb5534d2ddb552693af1f4a5af325a 3310 graphics optional gimp_2.8.18-1+deb9u1.dsc
 5adaa11a68bc8a42bb2c778fee4d389c 20824198 graphics optional gimp_2.8.18.orig.tar.bz2
 34c459aea0fe89203cff012c1a23e459 45212 graphics optional gimp_2.8.18-1+deb9u1.debian.tar.xz