Format: 1.8
Date: Tue, 26 Dec 2017 22:55:07 +0100
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: all source
Version: 2.8.14-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 884836 884837 884862 884925 884927 885347
Description:
 gimp - The GNU Image Manipulation Program
 gimp-data - Data files for GIMP
 gimp-dbg - Debugging symbols for GIMP
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Changes:
 gimp (2.8.14-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
     (Closes: #884862)
   * plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
   * Heap buffer overflow in PSP importer (CVE-2017-17789)
     (Closes: #884837)
   * heap overread in gbr parser / load_image (CVE-2017-17784)
     (Closes: #884925)
   * heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
   * Heap overflow while parsing FLI files (CVE-2017-17785)
     (Closes: #884836)
   * buffer overread in XCF parser if version field has no null terminator
     (CVE-2017-17788) (Closes: #885347)