Debian Bug report logs - #608497

gimp: four buffer overflows

Reported by: "non customers" <non-customers@operamail.com>
Date: Fri, 31 Dec 2010 13:39:02 UTC
Severity: important
Tags: fixed-upstream, security
Found in version gimp/2.6.11-1
Fixed in version gimp/2.6.11-2
Done: Ari Pollak <ari@debian.org>
Bug is archived. No further changes may be made.
Forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=641105, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=639203


Report forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>: Bug#608497; Package gimp. (Fri, 31 Dec 2010 13:39:04 GMT)

Acknowledgement sent to "non customers" <non-customers@operamail.com>: New Bug report received and forwarded. Copy sent to Ari Pollak <ari@debian.org>. (Fri, 31 Dec 2010 13:39:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: "non customers" <non-customers@operamail.com>
To: submit@bugs.debian.org
Subject: gimp: four buffer overflows
Date: Fri, 31 Dec 2010 14:35:51 +0100

Subject: gimp: four buffer overflows
Package: gimp
Version: 2.6.11-1
Severity: important
Tags: security

Here is a PoC for four new buffer overflows in GIMP. Compile it with open-cobol.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gimp depends on:
ii  gimp-data          2.6.11-1          Data files for GIMP
ii  libaa1             1.4p5-38          ascii art library
ii  libatk1.0-0        1.30.0-1          The ATK accessibility toolkit
ii  libbabl-0.0-0      0.0.22-1          Dynamic, any to any, pixel format
ii  libc6              2.11.2-7          Embedded GNU C Library: Shared lib
ii  libcairo2          1.8.10-6          The Cairo 2D vector graphics libra
ii  libdbus-1-3        1.2.24-4          simple interprocess messaging syst
ii  libdbus-glib-1-2   0.88-2.1          simple interprocess messaging syst
ii  libexif12          0.6.19-1          library to parse EXIF files
ii  libfontconfig1     2.8.0-2.1         generic font configuration library
ii  libfreetype6       2.4.2-2.1         FreeType 2 font engine, shared lib
ii  libgegl-0.0-0      0.0.22-2+b1       Generic Graphics Library
ii  libgimp2.0         2.6.11-1          Libraries for the GNU Image Manipu
ii  libglib2.0-0       2.24.2-1          The GLib library of C routines
ii  libgtk2.0-0        2.20.1-2          The GTK+ graphical user interface
ii  libhal1            0.5.14-3          Hardware Abstraction Layer - share
ii  libjpeg62          6b1-1             The Independent JPEG Group's JPEG
ii  liblcms1           1.18.dfsg-1.2+b3  Color management library
ii  libmng1            1.0.10-1+b1       Multiple-image Network Graphics li
ii  libpango1.0-0      1.28.3-1          Layout and rendering of internatio
ii  libpng12-0         1.2.44-1          PNG library - runtime
ii  libpoppler-glib4   0.12.4-1.2        PDF rendering library (GLib-based
ii  librsvg2-2         2.26.3-1          SAX-based renderer library for SVG
ii  libtiff4           3.9.4-5           Tag Image File Format (TIFF) libra
ii  libwebkit-1.0-2    1.2.5-2.1         Web content engine library for Gtk
ii  libwmf0.2-7        0.2.8.4-6.1+b1    Windows metafile conversion librar
ii  libx11-6           2:1.3.3-4         X11 client-side library
ii  libxext6           2:1.1.2-1         X11 miscellaneous extension librar
ii  libxfixes3         1:4.0.5-1         X11 miscellaneous 'fixes' extensio
ii  libxmu6            2:1.0.5-2         X11 miscellaneous utility library
ii  libxpm4            1:3.5.8-1         X11 pixmap library
ii  python             2.6.6-3+squeeze4  interactive high-level object-orie
ii  python-gtk2        2.17.0-4          Python bindings for the GTK+ widge
ii  python-support     1.0.10            automated rebuilding support for P
ii  zlib1g             1:1.2.3.4.dfsg-3  compression library - runtime

gimp recommends no packages.

Versions of packages gimp suggests:
ii  ghostscript        8.71~dfsg2-6      The GPL Ghostscript PostScript/PDF
pn  gimp-data-extras   <none>            (no description available)
pn  gimp-help-en | gimp-help  <none>     (no description available)
ii  gvfs-backends      1.6.4-2           userspace virtual filesystem - bac
ii  libasound2         1.0.23-2.1        shared library for ALSA applicatio

-- no debconf information

-- 
non-customers crew | http://rock-madrid.com/

Set Bug forwarded-to-address to 'http://bugzilla.gnome.org/show_bug.cgi?id=641105'. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Tue, 01 Feb 2011 02:42:03 GMT)

Changed Bug forwarded-to-address to 'http://bugzilla.gnome.org/show_bug.cgi?id=641105, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=639203' from 'http://bugzilla.gnome.org/show_bug.cgi?id=641105'. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 07 Feb 2011 20:24:28 GMT)

Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 17 Feb 2011 16:39:23 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>: Bug#608497; Package gimp. (Sat, 09 Apr 2011 02:12:08 GMT)

Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>: Extra info received and forwarded to list. Copy sent to Ari Pollak <ari@debian.org>. (Sat, 09 Apr 2011 02:12:09 GMT)

Message #16 received at 608497@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <608497@bugs.debian.org>
Subject: gimp: Fix from Ubuntu
Date: Fri, 08 Apr 2011 09:42:09 -0400

Package: gimp
Version: 2.6.11-1
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed plugin configuration files
    - debian/patches/05_CVE-2010-454x.patch: fix format strings in
      plug-ins/{common/sphere-designer,gfig/gfig-style,lighting/lighting-ui}.c.
    - CVE-2010-4540
    - CVE-2010-4541
    - CVE-2010-4542
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed PSP image file
    - debian/patches/06_CVE-2010-4543.patch: fix buffer overflow in
      plug-ins/common/file-psp.c.
    - CVE-2010-4543

Thanks for considering the patch.

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply sent to Ari Pollak <ari@debian.org>: You have taken responsibility. (Tue, 12 Apr 2011 23:03:09 GMT)

Notification sent to "non customers" <non-customers@operamail.com>: Bug acknowledged by developer. (Tue, 12 Apr 2011 23:03:10 GMT)

Message #21 received at 608497-close@bugs.debian.org:

From: Ari Pollak <ari@debian.org>
To: 608497-close@bugs.debian.org
Subject: Bug#608497: fixed in gimp 2.6.11-2
Date: Tue, 12 Apr 2011 23:01:28 +0000

Source: gimp
Source-Version: 2.6.11-2

We believe that the bug you reported is fixed in the latest version of gimp, which is due to be installed in the Debian FTP archive:

gimp-data_2.6.11-2_all.deb to main/g/gimp/gimp-data_2.6.11-2_all.deb
gimp-dbg_2.6.11-2_amd64.deb to main/g/gimp/gimp-dbg_2.6.11-2_amd64.deb
gimp_2.6.11-2.debian.tar.gz to main/g/gimp/gimp_2.6.11-2.debian.tar.gz
gimp_2.6.11-2.dsc to main/g/gimp/gimp_2.6.11-2.dsc
gimp_2.6.11-2_amd64.deb to main/g/gimp/gimp_2.6.11-2_amd64.deb
libgimp2.0-dev_2.6.11-2_amd64.deb to main/g/gimp/libgimp2.0-dev_2.6.11-2_amd64.deb
libgimp2.0-doc_2.6.11-2_all.deb to main/g/gimp/libgimp2.0-doc_2.6.11-2_all.deb
libgimp2.0_2.6.11-2_amd64.deb to main/g/gimp/libgimp2.0_2.6.11-2_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 608497@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated gimp package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Tue, 12 Apr 2011 19:04:28 -0400
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source all amd64
Version: 2.6.11-2
Distribution: unstable
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description:
 gimp           - The GNU Image Manipulation Program
 gimp-data      - Data files for GIMP
 gimp-dbg       - Debugging symbols for GIMP
 libgimp2.0     - Libraries for the GNU Image Manipulation Program
 libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
 libgimp2.0-doc - Developers' Documentation for the GIMP library
Closes: 600226 608497 613201 621230
Changes:
 gimp (2.6.11-2) unstable; urgency=high
 .
   * Fix security issues when reading plugin configuration files and PSP files
     (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543) (Closes: #608497)
     - patches imported from Ubuntu
   * Drop libgimp2.0's recommendation on gimp (Closes: #600226)
   * remove .la files, even from python modules (Closes: #621230)
   * Remove HAL support (Closes: #613201)
   * 07_binutils-gold.patch:
     - Allow package to build with binutils-gold

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 02 Jul 2011 07:43:35 GMT)
