Univention Bugzilla – Bug 33272
gimp: Multiple security vulnerabilities (3.2)
Last modified: 2014-05-20 07:53:29 CEST
+++ This bug was initially created as a clone of Bug #29149 +++

Buffer overflow in argument parsing in the script-fu plugin (CVE-2012-2763)
NULL pointer dereference in GIF processing (CVE-2012-3236)
Buffer overflow when loading palettes (CVE-2012-3403)
Buffer overflow in the processing of GIF files (CVE-2012-3481)
Buffer overflow in the processing of XWD files (CVE-2012-5576)
Integer overflows and buffer overflows in the processing of XWD files (CVE-2013-1913 CVE-2013-1978)
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #29149 +++
>
> Buffer overflow in argument parsing in the script-fu plugin (CVE-2012-2763)

This is a mostly theoretical attack and won't be fixed (also in Debian).

> NULL pointer dereference in GIF processing (CVE-2012-3236)

This is only a harmless crash bug w/o security implications.
These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588). The QA should ideally be made by the same person.
OK: gimp (2.6.10-1+squeeze4) oldstable-security; urgency=low
  * CVE-2012-3403 CVE-2012-3481 CVE-2012-5576
  * CVE-2013-1913 CVE-2013-1978

OK: gimp
UCS 3.2-2 has been released:
http://docs.univention.de/release-notes-3.2-2-en.html
http://docs.univention.de/release-notes-3.2-2-de.html

If this error occurs again, please use "Clone This Bug".