Format: 1.8
Date: Tue, 28 Nov 2023 07:38:10 -0500
Source: gimp
Binary: gimp libgimp2.0 libgimp2.0-dev
Architecture: riscv64 riscv64_translations
Version: 2.10.18-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos03-riscv64-058.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 gimp       - GNU Image Manipulation Program
 libgimp2.0 - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
Launchpad-Bugs-Fixed: 1982422
Changes:
 gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium
 .
   [ Luís Infante da Câmara ]
   * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
     program crash via a crafted XCF file (LP: #1982422)
     - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
       the next property when xcf_old_path fails.
     - CVE-2022-30067
   * SECURITY UPDATE: Denial of service via a crafted XCF file
     (LP: #1982422)
     - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
       loading XCF files.
     - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
       loading XCF files.
     - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
       gimp_channel_is_empty when channel is NULL.
     - CVE-2022-32990
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44441-1.patch: verify header information in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-2.patch: fix checks in
       plug-ins/file-dds/ddsread.c.
     - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
       plug-ins/file-dds/ddsread.c.
     - CVE-2023-44441
   * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
     - debian/patches/CVE-2023-44442.patch: add missing break statement in
       plug-ins/file-psd/psd-util.c.
     - CVE-2023-44442
   * SECURITY UPDATE: PSP File Parsing Off-By-One
     - debian/patches/CVE-2023-44444.patch: fix buffer size in
       plug-ins/common/file-psp.c.
     - CVE-2023-44444
Checksums-Sha1:
 bfac7b69a55b420f7a351030af700f827669f1da 14769636 gimp-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 047a96fcc1e8fdebdbe337bda1b9f196bff3d969 22256 gimp_2.10.18-1ubuntu0.1_riscv64.buildinfo
 9fda35137250581415bbc7739fa8bf3b4f4d1979 3857324 gimp_2.10.18-1ubuntu0.1_riscv64.deb
 a4fc814084c873d391ccaeb50488991fa1175c43 18138085 gimp_2.10.18-1ubuntu0.1_riscv64_translations.tar.gz
 36e5c91c7f84e71d8e05112e046cede3863c5640 1286632 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 beeefb4471994b6c47fab8c0508a54a521b1473f 18344 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 4f8c83e318b5157ca9a95ce7f400d14a7d39b74e 102960 libgimp2.0-dev_2.10.18-1ubuntu0.1_riscv64.deb
 af3f646c3d063e1d97dd591dcc159000489a85fb 359688 libgimp2.0_2.10.18-1ubuntu0.1_riscv64.deb
Checksums-Sha256:
 db6a5db9d659a49a0503a6dfe40f3b58ad3153a64517c469809ba7b0f629bc91 14769636 gimp-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 ce6b54710d9965e88d4de45df39ccc3c177b4ce78e0ac9fcdcaedfa942c19c2f 22256 gimp_2.10.18-1ubuntu0.1_riscv64.buildinfo
 b9edad1c764c1b9bc4a27e9514a0879d62b35d0857206167300cceeb17b30da9 3857324 gimp_2.10.18-1ubuntu0.1_riscv64.deb
 0e4741357946d8b143ebce5e15a1d8f800ed5f3ee5b8d471b99d58b3a3ee10e7 18138085 gimp_2.10.18-1ubuntu0.1_riscv64_translations.tar.gz
 a2fb6f6563b4253f39e6d88d63c0ff679ece35eeaf380fe077878fb29c638708 1286632 libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 32d80e49a3e13089d6715acb945817e7bbc2fcffd5fe237e65410ace9b607875 18344 libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 8e5f381f0289b92a1347b1b0bdc2904b3800732a3ef425a53af3d9802ba63a22 102960 libgimp2.0-dev_2.10.18-1ubuntu0.1_riscv64.deb
 424e891883c7927a665f24398220b139bd9f86de49fa15e8ae3fffebcb3834b3 359688 libgimp2.0_2.10.18-1ubuntu0.1_riscv64.deb
Files:
 9ef85b9d8ea5ecfccf7a42324eeda3f6 14769636 debug optional gimp-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 88dedad080fb62dde630ca0a9a60932a 22256 graphics optional gimp_2.10.18-1ubuntu0.1_riscv64.buildinfo
 b6d9126e91c35fc9d9c957683deebacc 3857324 graphics optional gimp_2.10.18-1ubuntu0.1_riscv64.deb
 d2d1b63a2cfb8b8d599339c459835cdd 18138085 raw-translations - gimp_2.10.18-1ubuntu0.1_riscv64_translations.tar.gz
 916627533314ccae70250188a64c4fad 1286632 debug optional libgimp2.0-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 7afd82dabe934b1bec85830432314fe9 18344 debug optional libgimp2.0-dev-dbgsym_2.10.18-1ubuntu0.1_riscv64.ddeb
 971822164d65e7372e083fe0468f9cef 102960 libdevel optional libgimp2.0-dev_2.10.18-1ubuntu0.1_riscv64.deb
 0ea9a664017747ebdb7022fd1720c480 359688 libs optional libgimp2.0_2.10.18-1ubuntu0.1_riscv64.deb
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>