Your message dated Wed, 13 Dec 2023 07:02:25 +0000
with message-id <[email protected]>
and subject line Bug#1055984: fixed in gimp 2.10.22-4+deb11u1
has caused the Debian Bug report #1055984,
regarding gimp: CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1055984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 2.10.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for gimp.
CVE-2023-44441[0]:
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44442[1]:
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44443[2]:
| GIMP PSP File Parsing Integer Overflow Remote Code Execution
| Vulnerability
CVE-2023-44444[3]:
| GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-44441
https://www.cve.org/CVERecord?id=CVE-2023-44441
[1] https://security-tracker.debian.org/tracker/CVE-2023-44442
https://www.cve.org/CVERecord?id=CVE-2023-44442
[2] https://security-tracker.debian.org/tracker/CVE-2023-44443
https://www.cve.org/CVERecord?id=CVE-2023-44443
[3] https://security-tracker.debian.org/tracker/CVE-2023-44444
https://www.cve.org/CVERecord?id=CVE-2023-44444
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.22-4+deb11u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Nov 2023 20:41:31 +0100
Source: gimp
Architecture: source
Version: 2.10.22-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1055984
Changes:
gimp (2.10.22-4+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* plug-ins: Fix vulnerabilities in file-psp (CVE-2023-44443, CVE-2023-44444)
(Closes: #1055984)
* plug-ins: Fix vulnerability in file-psd (CVE-2023-44442)
(Closes: #1055984)
* plug-ins: Fix DDS vulnerability (ZDI-CAN-22093) (CVE-2023-44441)
(Closes: #1055984)
* plug-ins: Fix DDS import regression
* plug-ins: Additional fixes for DDS Import
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---