[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixed versions for gimp issues

Salvatore Bonaccorso carnil at debian.org
Mon Jan 1 09:42:17 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b36696a by Salvatore Bonaccorso at 2018-01-01T10:41:45+01:00
Add fixed versions for gimp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1251,14 +1251,14 @@ CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x bef
 	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
 CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (bug #884836)
+	- gimp 2.8.20-1.1 (bug #884836)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8)
 	NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>"
 CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (unimportant; bug #884862)
+	- gimp 2.8.20-1.1 (unimportant; bug #884862)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=8ea316667c8a3296bce2832b3986b58d0fdfc077 (master)
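Review bot: The fixed version 2.8.20-1.1 now recorded on the CVE-2017-17785 and CVE-2017-17786 package lines sorts below the 2.8.22 release that both descriptions name as affected, and nothing in either entry explains why. If the fix reached the package as backported patches, a short NOTE saying so, or a pointer to the upload in the commit message, would let a reader confirm the version without working through bugs #884836 and #884862.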
@@ -1267,20 +1267,20 @@ CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadIm
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (unimportant; bug #885347)
+	- gimp 2.8.20-1.1 (unimportant; bug #885347)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (unimportant; bug #884925)
+	- gimp 2.8.20-1.1 (unimportant; bug #884925)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59 (master)
 	NOTE: https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 (gimp-2-8)
 	NOTE: Crash in desktop tool, no/negligable security impact
 CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (bug #884837)
+	- gimp 2.8.20-1.1 (bug #884837)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master)
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f (gimp-2-8)
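Review bot: The CVE-2017-17788 entry is marked fixed in 2.8.20-1.1 but references only a (master) commit, whereas the CVE-2017-17784 and CVE-2017-17789 entries in the same hunk also list a (gimp-2-8) commit. Adding the 2.8-branch reference for CVE-2017-17788, if one exists, would make the fixed version verifiable against the branch the package tracks. As a style point on the context lines, "negligable" in the three "Crash in desktop tool" NOTEs should read "negligible", and the commit URLs mix browse/gimp with browse/GIMP.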
@@ -1288,7 +1288,7 @@ CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
 	NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>"
 CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
 	{DSA-4077-1 DLA-1220-1}
-	- gimp <unfixed> (unimportant; bug #884927)
+	- gimp 2.8.20-1.1 (unimportant; bug #884927)
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master)
 	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
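Review bot: The first context line of this hunk, the CVE-2017-17789 NOTE that OOB read/write "can be reproduced in sid", carries no package version, and the same commit records that CVE as fixed in 2.8.20-1.1, so the note now reads as if sid were still affected. Suggest qualifying it with the version that was tested. The same applies to any similar reproduction NOTE that names a suite rather than a version.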



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b36696a133e01c0dab430b5e579de1376d0da52
