include proper fix for CVE-2007-3126, released in GIMP 2.8.22
Bug #1690544 reported by nmaxx
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
The Gimp | Fix Released | Medium | |
gimp (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
The GIMP developers announced at https:/
The fix should thus either be back-ported or GIMP bumped to 2.8.22 for supported Ubuntu versions.
CVE References
Changed in gimp:
importance: Unknown → Medium
status: Unknown → Fix Released
As I wrote in https://bugzilla.gnome.org/show_bug.cgi?id=773233#c2 (that's the bug for the master branch, where GIMP 2.9.x is being made from), I could not reproduce the crash mentioned in the CVE. Probably no surprise, given that CVE was reported against GIMP 2.3.x.
However, I'd like to stress that this bug might have been fixed a lot earlier if any of the downstream vendors who noticed it had reported it upstream. Please make sure that every non-Ubuntu-specific bug in Launchpad has a corresponding upstream bug report (adding a reference to these is what the "Also affects project" link is for), or that an upstream report is made if you can't find one.