Accepted gimp 2.8.14-1+deb8u2 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Dec 2017 22:55:07 +0100
Source: gimp
Binary: libgimp2.0 gimp gimp-data libgimp2.0-dev libgimp2.0-doc gimp-dbg
Architecture: all source
Version: 2.8.14-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 884836 884837 884862 884925 884927 885347
Description:
gimp - The GNU Image Manipulation Program
gimp-data - Data files for GIMP
gimp-dbg - Debugging symbols for GIMP
libgimp2.0 - Libraries for the GNU Image Manipulation Program
libgimp2.0-dev - Headers and other files for compiling plugins for GIMP
libgimp2.0-doc - Developers' Documentation for the GIMP library
Changes:
gimp (2.8.14-1+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
(Closes: #884862)
* plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
* Heap buffer overflow in PSP importer (CVE-2017-17789) (Closes: #884837)
* heap overread in gbr parser / load_image (CVE-2017-17784)
(Closes: #884925)
* heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
* Heap overflow while parsing FLI files (CVE-2017-17785) (Closes: #884836)
* buffer overread in XCF parser if version field has no null terminator
(CVE-2017-17788) (Closes: #885347)
Checksums-Sha1:
4ebd7840ead24563d1846877628e7d7bf8740d4a 3325 gimp_2.8.14-1+deb8u2.dsc
413f17b30783bb9ea1e0c4b56828de6f0400085b 45280 gimp_2.8.14-1+deb8u2.debian.tar.xz
5a73365c9f74629c03b8a204f288df936f27286e 8411802 gimp-data_2.8.14-1+deb8u2_all.deb
8e4432917163840abf78a54c15e6cef5229b1d75 1263776 libgimp2.0-doc_2.8.14-1+deb8u2_all.deb
Checksums-Sha256:
a564e0a0580b79645778a4b0695772caf4cac2b296c85126779eab0af768e1a1 3325 gimp_2.8.14-1+deb8u2.dsc
beb807c2d71e485b9cc36e91aaa28d0c7b3d60ab853cdb5a3a1a8ca3967a5f7b 45280 gimp_2.8.14-1+deb8u2.debian.tar.xz
5497b1a2b2feb04f5852fadfb3f842f5fcfbff10d9939d73cf6523e0a82d9d27 8411802 gimp-data_2.8.14-1+deb8u2_all.deb
434579c7d48528b693057d2445d1c824812ae0b74596164d8e7c21b85917a357 1263776 libgimp2.0-doc_2.8.14-1+deb8u2_all.deb
Files:
45afa8a618dc8bde3c45a0703a89758b 3325 graphics optional gimp_2.8.14-1+deb8u2.dsc
b3ec4b0d7a7c1d73cf3f560d10145577 45280 graphics optional gimp_2.8.14-1+deb8u2.debian.tar.xz
8dfba5dab0318176f4440d56ad1f1a9a 8411802 graphics optional gimp-data_2.8.14-1+deb8u2_all.deb
cf3c5478600b364b7cad5532de2f8f9a 1263776 doc optional libgimp2.0-doc_2.8.14-1+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpCyRhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EW0sP/3Rk+UGkhMvbUTSyNEyBbAtSK1zQ0VFV
x8VdXvep/PlQdr0qbZWCWNbIuTl6VZjDxVA8F7jopQ0/1C4VveVFDsaj1rbO8Up1
cTQy/aBjCwow7A/dtlWPllWWwTg6ARup89GH2A9TTFKMap3mK1bAy+/UdqExdRDG
1VFEEbZH/IW9jPyqwCn0jYVrIEEqP7c+hv0rN9GafUu33jibLJRrzbGCyWQSCdWi
DyLYbF3oEor0zF4tYUEnfwB8Ds2VK3k3k+khFTTkoQ8Z4JT0xp3VBCz3j2eq+5D1
O5fi2C1kb3Gd7zSXYCUk3ztXIUkiQ4y75W1F4WLEYhD5u+j+V18OCmqsSzNZT5tY
vc4yzBjt9/W99hT+lOAWtJpzhcgZfitpUQP1QhUWA7n/rTibiw/El2vOHLkCW4Ru
WIlOusgOejhdUzxinfNNS6Pp5f+ezmZN3bEtnGgq2/If5Wdf8mo2oD3Bdsuwttea
7s7dWY7rOXf8U3fUsHFks3IFEH64hsSq7PFGY2uC0hLxM+jiYb3fBGwdNlEvcqzL
6dT0dOG+LgEPj7TYA1MO3F1BksusM5PGItOiAMllDrIftPye47utSeIO0WIVjpVi
F9BXrJ2p7hbK22eqTsIbGqfPPGu1Ad12cU6vhLGsDVq/w2I0irN53yLn/R3zZqeM
iZx9Hv0khJ+x
=3Qao
-----END PGP SIGNATURE-----