[Secure-testing-commits] r24661 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Dec 10 06:02:02 UTC 2013


Author: jmm
Date: 2013-12-10 06:02:02 +0000 (Tue, 10 Dec 2013)
New Revision: 24661

Modified:
   data/CVE/list
Log:
record remaining fixes from gimp DSA, one gimp issue unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-10 05:49:49 UTC (rev 24660)
+++ data/CVE/list	2013-12-10 06:02:02 UTC (rev 24661)
@@ -21504,6 +21504,7 @@
 	[squeeze] - python-keyring <no-dsa> (Minor issue)
 CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Window ...)
 	- gimp 2.8.2-2 (bug #693977)
+	[squeeze] - gimp 2.6.10-1+squeeze4
 	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
 	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
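Review bot: the added `[squeeze] - gimp 2.6.10-1+squeeze4` line under CVE-2012-5576 records a fixed version, but neither the entry nor the log message ("gimp DSA") names the advisory it comes from. Putting the DSA id in the log message would let someone auditing this revision check the version against the advisory. The same applies to the identical lines added under CVE-2012-3481 and CVE-2012-3403.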
@@ -27172,6 +27173,7 @@
 	[squeeze] - fetchmail <no-dsa> (Minor issue)
 CVE-2012-3481 (Integer overflow in the ReadImage function in ...)
 	- gimp 2.8.2-1 (bug #685397)
+	[squeeze] - gimp 2.6.10-1+squeeze4
 	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572
 CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
@@ -27435,6 +27437,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
 	- gimp 2.8.2-1 (bug #685397)
+	[squeeze] - gimp 2.6.10-1+squeeze4
 CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD ...)
 	- gimp 2.4.0~rc1-1
 	NOTE: Only affects 2.2 series
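Review bot: CVE-2012-3403 gains a squeeze fixed version here, but unlike the CVE-2012-5576 and CVE-2012-3481 entries touched in this revision it has no NOTE line with a reference, only bug #685397, which is also the bug cited for CVE-2012-3481. A NOTE pointing at the upstream report or fix for this issue would make it possible to confirm that 2.6.10-1+squeeze4 covers this CVE specifically and not only the one sharing the bug number.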
@@ -29017,8 +29020,8 @@
 CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...)
 	- chromium-browser <not-affected> (Windows specific)
 CVE-2012-2763 (Buffer overflow in the readstr_upto function in ...)
-	- gimp 2.8.0-1 (low)
-	[squeeze] - gimp <no-dsa> (Only exploitable in rare setups)
+	- gimp 2.8.0-1 (unimportant)
+	NOTE: Only exploitable in rare/theoretical setups
 	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
 	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
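Review bot: switching CVE-2012-2763 to `(unimportant)` and dropping the `[squeeze] - gimp <no-dsa>` line removes the only explicit per-suite record for squeeze, and the replacement NOTE "Only exploitable in rare/theoretical setups" does not say which setup is required. The advisory URLs kept below refer to Script-Fu; naming the component and the precondition in the NOTE would let a later reader verify the downgrade from `low` without depending on external links staying reachable.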
