ubuntustudio-bugs team mailing list archive

Thread
Date

[Bug 1690544] Re: include proper fix for CVE-2007-3126, released in GIMP 2.8.22

To: ubuntustudio-bugs@xxxxxxxxxxxxxxxxxxx
From: Jeremy Bicha <jeremy@xxxxxxxxx>
Date: Wed, 28 Mar 2018 16:24:58 -0000
Reply-to: Bug 1690544 <1690544@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This will be updated in Ubuntu 18.04 "bionic" via sync from Debian.

** Changed in: gimp (Ubuntu)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to gimp in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1690544

Title:
  include proper fix for CVE-2007-3126, released in GIMP 2.8.22

Status in The Gimp:
  Fix Released
Status in gimp package in Ubuntu:
  Fix Committed

Bug description:
  The GIMP developers announced at https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/ that version 2.8.22 finally includes a proper fix for the ancient ICO file import crash CVE-2007-3126.
  The fix should thus either be back-ported or GIMP bumped to 2.8.22 for supported Ubuntu versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gimp/+bug/1690544/+subscriptions

References

[Bug 1690544] [NEW] include proper fix for CVE-2007-3126, released in GIMP 2.8.22
From: nmaxx, 2017-05-13