Package: gimp
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for gimp.

CVE-2009-1570[0]:
| Secunia Research has discovered a vulnerability in Gimp, which can be
| exploited by malicious people to potentially compromise a user's
| system.
|
| The vulnerability is caused by an integer overflow error within the
| "ReadImage()" function in plug-ins/file-bmp/bmp-read.c. This can be
| exploited to cause a heap-based buffer overflow by e.g. tricking a
| user into opening a specially crafted BMP file.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Patch: http://git.gnome.org/cgit/gimp/commit/?id=e3afc99b2fa7aeddf0dba4778663160a5bc682d3

Do you also have the time to provide updated packages for stable/oldstable?

For further information see:

[0] http://secunia.com/secunia_research/2009-42/
    http://security-tracker.debian.org/tracker/CVE-2009-1570

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
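The bug class the advisory describes (an integer overflow in a size calculation leading to an undersized heap buffer) can be illustrated with a BMP-style row size computation. This is an added example, not GIMP's code and not the linked patch; the function names and the MAX_IMAGE_BYTES limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed policy limit for this example, not a value from GIMP. */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked 32-bit arithmetic: width * bpp can wrap modulo 2^32, so the
 * result may be far smaller than the data the decoder later writes. */
uint32_t naive_size32(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t row_bytes = ((width * bpp + 31) / 32) * 4;
    return row_bytes * height;
}

/* Checked version: validates header fields, computes in 64 bits and
 * rejects anything above the limit. Returns 0 on success, -1 on reject. */
int checked_size(int32_t width, int32_t height, uint16_t bpp, size_t *out)
{
    uint64_t rows, row_bytes, total;

    if (width <= 0 || height == 0)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;

    /* A negative height marks a top-down bitmap; use its magnitude. */
    rows = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    /* width < 2^31 and bpp <= 32, so the product fits in 64 bits. */
    row_bytes = (((uint64_t)width * bpp + 31) / 32) * 4;
    if (row_bytes > MAX_IMAGE_BYTES / rows)
        return -1;
    total = row_bytes * rows;
    *out = (size_t)total;
    return 0;
}
```

Rows are padded to a multiple of 4 bytes as in the BMP format; the size must be validated before allocation so that every later write stays inside the buffer.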