Your message dated Wed, 15 Nov 2023 14:35:34 +0000
with message-id <[email protected]>
and subject line Bug#1055984: fixed in gimp 2.10.36-1
has caused the Debian Bug report #1055984,
regarding gimp: CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1055984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 2.10.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for gimp.
CVE-2023-44441[0]:
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44442[1]:
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44443[2]:
| GIMP PSP File Parsing Integer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44444[3]:
| GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-44441
    https://www.cve.org/CVERecord?id=CVE-2023-44441
[1] https://security-tracker.debian.org/tracker/CVE-2023-44442
    https://www.cve.org/CVERecord?id=CVE-2023-44442
[2] https://security-tracker.debian.org/tracker/CVE-2023-44443
    https://www.cve.org/CVERecord?id=CVE-2023-44443
[3] https://security-tracker.debian.org/tracker/CVE-2023-44444
    https://www.cve.org/CVERecord?id=CVE-2023-44444
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.36-1
Done: Jeremy Bícha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Nov 2023 07:31:56 -0500
Source: gimp
Built-For-Profiles: noudeb
Architecture: source
Version: 2.10.36-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1055984
Changes:
 gimp (2.10.36-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixed vulnerabilities (Closes: #1055984):
       + CVE-2023-44441, ZDI-23-1592, ZDI-CAN-22093
       + CVE-2023-44442, ZDI-23-1594, ZDI-CAN-22094
       + CVE-2023-44443, ZDI-23-1593, ZDI-CAN-22096
       + CVE-2023-44444, ZDI-23-1591, ZDI-CAN-22097
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---