ubuntustudio-bugs team mailing list archive

Thread
Date

[Bug 1690544] Re: include proper fix for CVE-2007-3126, released in GIMP 2.8.22

To: ubuntustudio-bugs@xxxxxxxxxxxxxxxxxxx
From: Michael Schumacher <schumaml@xxxxxx>
Date: Sat, 13 May 2017 20:31:41 -0000
Reply-to: Bug 1690544 <1690544@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Bug watch added: GNOME Bug Tracker #778604
   https://bugzilla.gnome.org/show_bug.cgi?id=778604

** Also affects: gimp via
   https://bugzilla.gnome.org/show_bug.cgi?id=778604
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to gimp in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1690544

Title:
  include proper fix for CVE-2007-3126, released in GIMP 2.8.22

Status in The Gimp:
  Unknown
Status in gimp package in Ubuntu:
  New

Bug description:
  The GIMP developers announced at https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/ that version 2.8.22 finally includes a proper fix for the ancient ICO file import crash CVE-2007-3126.
  The fix should thus either be back-ported or GIMP bumped to 2.8.22 for supported Ubuntu versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gimp/+bug/1690544/+subscriptions

References

[Bug 1690544] [NEW] include proper fix for CVE-2007-3126, released in GIMP 2.8.22
From: nmaxx, 2017-05-13