guix-devel

GIMP: Fix CVE-2016-4994


From: Leo Famulari
Subject: GIMP: Fix CVE-2016-4994
Date: Fri, 1 Jul 2016 16:19:42 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

GIMP has a use-after-free bug related to XCF file parsing that allows
arbitrary code execution:
https://security-tracker.debian.org/tracker/CVE-2016-4994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

This patch cherry-picks the upstream commit from the gimp-2-8 branch:
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f

Leo Famulari (1):
  gnu: gimp: Fix CVE-2016-4994.

 gnu/local.mk                                  |  1 + 
 gnu/packages/gimp.scm                         |  1 + 
 gnu/packages/patches/gimp-CVE-2016-4994.patch | 96 +++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 gnu/packages/patches/gimp-CVE-2016-4994.patch

Attachment: 0001-gnu-gimp-Fix-CVE-2016-4994.patch
Description: Text Data

