Accepted gimp 2.8.20-1.1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Dec 2017 22:11:46 +0100
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: source
Version: 2.8.20-1.1
Distribution: unstable
Urgency: medium
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 860766 884836 884837 884862 884925 884927 885347
Description:
gimp - GNU Image Manipulation Program
gimp-data - Data files for GIMP
gimp-dbg - Debugging symbols for GIMP
libgimp2.0 - Libraries for the GNU Image Manipulation Program
libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
libgimp2.0-doc - Developers' Documentation for the GIMP library
Changes:
 gimp (2.8.20-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Ari Pollak ]
   * Move gimp to Enhances on gimp-data instead of Recommends (Closes: #860766)
 .
   [ Salvatore Bonaccorso ]
   * Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
     (Closes: #884862)
   * plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
   * Heap buffer overflow in PSP importer (CVE-2017-17789) (Closes: #884837)
   * heap overread in gbr parser / load_image (CVE-2017-17784)
     (Closes: #884925)
   * heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
   * Heap overflow while parsing FLI files (CVE-2017-17785) (Closes: #884836)
   * buffer overread in XCF parser if version field has no null terminator
     (CVE-2017-17788) (Closes: #885347)
Checksums-Sha1:
fb9dc7b4fe379899af2a76659aeeb26165e96c55 3290 gimp_2.8.20-1.1.dsc
d30b2cb3910f33882da0d3c23306ff826a824b26 45196 gimp_2.8.20-1.1.debian.tar.xz
Checksums-Sha256:
d14a68dbeeea7baa3167d12eca66590214c0893639a2291c0756cc482d9c8a09 3290 gimp_2.8.20-1.1.dsc
eb28be08d4b8f25d8f6c1532aedc8ccad2ba21620ee35ddd31674d7f0f8ec8b0 45196 gimp_2.8.20-1.1.debian.tar.xz
Files:
9a3f297cc9ccdb1f3a834394e3ba4874 3290 graphics optional gimp_2.8.20-1.1.dsc
0843fcdc38025a0d7ee6754d75311229 45196 graphics optional gimp_2.8.20-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----