edubuntu-bugs team mailing list archive

Thread
Date

[Bug 1982422] Re: Multiple vulnerabilities in Bionic, Focal and Jammy

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <1982422@xxxxxxxxxxxxxxxxxx>
Date: Tue, 09 Aug 2022 13:21:24 -0000
Reply-to: Bug 1982422 <1982422@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

I took a look at the debdiffs in #2, #3, and #8, and here are my
comments:

For Bionic:

- The package doesn't build with the debdiff provided. Please fix and make sure it builds before submitting it again.
- In CVE-2022-32990-2.patch, you dropped the section that patches xcf_load_buffer, but in Bionic, the function is called xcf_load_hierarchy, please add the section back and patch the appropriate function.

For Focal:
- The patch for CVE-2018-12713 is missing, please add it.

For Jammy:

- The patch for CVE-2018-12713 is missing, please add it.
- You seemed to have bumped the version of gegl required in the debian/control file for no reason, and it is not mentioned in the changelog. Please remove this change.

Once those changes are done and new debdiffs have been attached, please
detail the testing that you performed to make sure Gimp still works,
thanks!

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1982422

Title:
  Multiple vulnerabilities in Bionic, Focal and Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+subscriptions

References

[Bug 1982422] [NEW] Multiple vulnerabilities in Bionic, Focal and Jammy
From: Luís Cunha dos Reis Infante da Câmara, 2022-07-20