As I wrote in https://bugzilla.gnome.org/show_bug.cgi?id=773233#c2 (that's the bug for the master branch, where GIMP 2.9.x is being made from), I could not reproduce the crash mentioned in the CVE. Probably no surprise, given that the CVE was reported against GIMP 2.3.x.
However, I'd like to stress that this bug might have been fixed a lot earlier if any of the downstream vendors who noticed it had reported it upstream. Please make sure that every non-Ubuntu-specific bug in Launchpad has a corresponding upstream bug report (adding a reference to these is what the "Also affects project" link is for), or that an upstream report is made if you can't find one.

** Bug watch added: GNOME Bug Tracker #773233
   https://bugzilla.gnome.org/show_bug.cgi?id=773233

https://bugs.launchpad.net/bugs/1690544

Title:
  include proper fix for CVE-2007-3126, released in GIMP 2.8.22