Format: 1.8
Date: Tue, 28 Nov 2023 07:38:10 -0500
Source: gimp
Binary: gimp libgimp2.0 libgimp2.0-dev
Architecture: armhf armhf_translations
Version: 2.10.18-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-048.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 gimp       - GNU Image Manipulation Program
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
Launchpad-Bugs-Fixed: 1982422
Changes:
 gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium
 .
   [ Luís Infante da Câmara ]
   * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
     program crash via a crafted XCF file (LP: #1982422)
     - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
       the next property when xcf_old_path fails.
     - CVE-2022-30067
   * SECURITY UPDATE: Denial of service via a crafted XCF file
     (LP: #1982422)
     - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
       loading XCF files.
     - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
       loading XCF files.
     - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
       gimp_channel_is_empty when channel is NULL.
     - CVE-2022-32990
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44441-1.patch: verify header information in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-2.patch: fix checks in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
       plug-ins/file-dds/ddsread.c.
     - CVE-2023-44441
   * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44442.patch: add missing break statement in
       plug-ins/file-psd/psd-util.c.
     - CVE-2023-44442
   * SECURITY UPDATE: PSP File Parsing Off-By-One
     - debian/patches/CVE-2023-44444.patch: fix buffer size in
       plug-ins/common/file-psp.c.
     - CVE-2023-44444
Checksums-Sha1:
 da6432912b1d72059a9cd95a10a4423b8c04822a 14845340 gimp-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 4eb60eb141ff528f7770c7440243d6c46553d3da 22290 gimp_2.10.18-1ubuntu0.1_armhf.buildinfo
 d18367b99a3ea7dc6eb4032ec77430c8d57a5a4d 3677572 gimp_2.10.18-1ubuntu0.1_armhf.deb
 8f54b4f80f6b99a7273e19f9b1173b1f704c2f4d 18129937 gimp_2.10.18-1ubuntu0.1_armhf_translations.tar.gz
 d36ff6e664926e256e19613beab0e93617ef3226 1287768 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 ad683ad1d92cafe0af5bf4ce03b5dc4332f2ba84 19484 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 c4114802d1b0b08eefd3a7f589e755410d39c10b 103100 libgimp2.0-dev_2.10.18-1ubuntu0.1_armhf.deb
 b9ee4dfa31a85bbb80fedfd331067cafa2c1c9cb 361640 libgimp2.0_2.10.18-1ubuntu0.1_armhf.deb
Checksums-Sha256:
 ce8d49ca341344ba0d559cca62987d5ce5bff9be5fe1de74685d2077dca61472 14845340 gimp-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 fa51afb8820703ca427bb8e7dfaa058f21b0916678ff6c2de1e0768d052c1660 22290 gimp_2.10.18-1ubuntu0.1_armhf.buildinfo
 0def00648f970ad51d67836e31945de7464e05a157640c74573abbf262ca8b3a 3677572 gimp_2.10.18-1ubuntu0.1_armhf.deb
 a2569905513cac18951aedb07a528cea36d9e9cd641aed0d87b3b67fd91863a2 18129937 gimp_2.10.18-1ubuntu0.1_armhf_translations.tar.gz
 1e7d1f0527d6cdf99db8bb37fd2c0b1fa5468b6a3645f3f10bb47b9a4fdc78b0 1287768 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 f38e1c6f4c35b1150404dd4750548d0d3f3692d4fcc5ddf959d0129d8f4e18dd 19484 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 846eee29cf73f14e2433962e1d7e32610d2bb92ec21dd6381a99a3765917c2b1 103100 libgimp2.0-dev_2.10.18-1ubuntu0.1_armhf.deb
 8a5dc157df304b3f96441091a3810bad5b6739cd3b49c6ced2371047608a26f2 361640 libgimp2.0_2.10.18-1ubuntu0.1_armhf.deb
Files:
 9407af1cda4469ddc8f9097e5ca9e6d3 14845340 debug optional gimp-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 8c3b85e9e969f21bca004100c6a4e805 22290 graphics optional gimp_2.10.18-1ubuntu0.1_armhf.buildinfo
 0c409e2aa3609e13770213bc74a8969e 3677572 graphics optional gimp_2.10.18-1ubuntu0.1_armhf.deb
 b7cc5d33e099d7cf00184a073e09707c 18129937 raw-translations - gimp_2.10.18-1ubuntu0.1_armhf_translations.tar.gz
 fe47f979dbd00f46b9e8a6827e6a5830 1287768 debug optional libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 5f3fcecce532790533ce76a4cd9c4d23 19484 debug optional libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_armhf.ddeb
 54869db6efc04b2a66f8a687db4427bd 103100 libdevel optional libgimp2.0-dev_2.10.18-1ubuntu0.1_armhf.deb
 c64749a45c8227440525ee65bedc2234 361640 libs optional libgimp2.0_2.10.18-1ubuntu0.1_armhf.deb
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>