ubuntustudio-bugs team mailing list archive

Thread
Date

[Bug 1690544] Re: include proper fix for CVE-2007-3126, released in GIMP 2.8.22

To: ubuntustudio-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1690544@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Mar 2018 23:55:40 -0000
Reply-to: Bug 1690544 <1690544@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package gimp - 2.8.22-1

---------------
gimp (2.8.22-1) unstable; urgency=medium

  * New upstream release (Closes: #870568, #885382, CVE-2007-3126)
    (LP: #1690544)
  * Switch maintainer to Debian GNOME Team, with Ari's permission
  * Update Vcs fields for migration to https://salsa.debian.org/
  * Drop old Breaks/Conflicts/Replaces not needed since Wheezy
  * Drop obsolete menu and .xpm files
  * Switch from cdbs to dh
  * Bump debhelper compat to 11

 -- Jeremy Bicha <jbicha@xxxxxxxxxx>  Wed, 28 Mar 2018 12:21:18 -0400

** Changed in: gimp (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to gimp in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1690544

Title:
  include proper fix for CVE-2007-3126, released in GIMP 2.8.22

Status in The Gimp:
  Fix Released
Status in gimp package in Ubuntu:
  Fix Released

Bug description:
  The GIMP developers announced at https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/ that version 2.8.22 finally includes a proper fix for the ancient ICO file import crash CVE-2007-3126.
  The fix should thus either be back-ported or GIMP bumped to 2.8.22 for supported Ubuntu versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gimp/+bug/1690544/+subscriptions

References

[Bug 1690544] [NEW] include proper fix for CVE-2007-3126, released in GIMP 2.8.22
From: nmaxx, 2017-05-13