edubuntu-bugs team mailing list archive

Thread
Date

[Bug 1690544] Re: include proper fix for CVE-2007-3126, released in GIMP 2.8.22

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Michael Schumacher <schumaml@xxxxxx>
Date: Sat, 13 May 2017 21:14:31 -0000
Reply-to: Bug 1690544 <1690544@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

As I wrote in https://bugzilla.gnome.org/show_bug.cgi?id=773233#c2
(that's the bug for the master branch, where GIMP 2.9.x is being made
from), I could not reproduce the crash mentioned in the CVE. Probably no
surprise, given that CVE was reported against GIMP 2.3.x

However, I'd like to stress that this bug might have been fixed a lot
earlier if any of the downstream vendors who noticed it had reported it
upstream. Please make sure that every non-Ubuntu-specific bug in
Launchpad has a corresponding upstream bug report (adding a reference to
thess is what the "Also affects project" link is for), or that an
upstream report is made if you can't find one.

** Bug watch added: GNOME Bug Tracker #773233
   https://bugzilla.gnome.org/show_bug.cgi?id=773233

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1690544

Title:
  include proper fix for CVE-2007-3126, released in GIMP 2.8.22

To manage notifications about this bug go to:
https://bugs.launchpad.net/gimp/+bug/1690544/+subscriptions

References

[Bug 1690544] [NEW] include proper fix for CVE-2007-3126, released in GIMP 2.8.22
From: nmaxx, 2017-05-13