Package: gimp
Severity: grave
Version: 2.6.7-1
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gimp.

CVE-2009-3909[0]:
| Secunia Research has discovered a vulnerability in Gimp, which can be
| exploited by malicious people to potentially compromise a user's
| system.
|
| The vulnerability is caused by an integer overflow error within the
| "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This
| can be exploited to cause a heap-based buffer overflow by e.g.
| tricking a user into opening a specially crafted PSD file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry. Don't forget to also help prepare
stable and oldstable uploads to address this issue.

Patches:
http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e
http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c

For further information see:

[0] http://secunia.com/secunia_research/2009-43/
    http://security-tracker.debian.org/tracker/CVE-2009-3909

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
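
The class of bug the advisory describes, as an added example (not GIMP's code and not the upstream patch): a buffer size computed from untrusted image dimensions in 32-bit arithmetic wraps to a small value, while a checked computation rejects the file before allocating. The struct, the function names, the size expression rows x columns x bytes-per-sample, the byte cap and the sample dimensions are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields read from an untrusted image file. */
typedef struct {
    uint32_t rows;
    uint32_t columns;
    uint32_t bytes_per_sample;   /* assumed to be 1 or 2 */
} channel_dims;

/* Unchecked: the product is computed modulo 2^32 and can wrap. */
uint32_t unchecked_channel_size(const channel_dims *d)
{
    return d->rows * d->columns * d->bytes_per_sample;
}

/* Checked: 0 and *out on success, -1 on bad fields, overflow or over-cap. */
int checked_channel_size(const channel_dims *d, size_t max_bytes, size_t *out)
{
    if (d->rows == 0 || d->columns == 0) return -1;
    if (d->bytes_per_sample != 1 && d->bytes_per_sample != 2) return -1;
    size_t n = d->rows;
    if (d->columns > SIZE_MAX / n) return -1;           /* rows * columns */
    n *= d->columns;
    if (d->bytes_per_sample > SIZE_MAX / n) return -1;  /* ... * bps */
    n *= d->bytes_per_sample;
    if (n > max_bytes) return -1;                       /* sanity cap */
    *out = n;
    return 0;
}

/* Allocate only when the size has been validated; NULL means reject file. */
void *alloc_channel(const channel_dims *d, size_t max_bytes, size_t *size)
{
    if (checked_channel_size(d, max_bytes, size) != 0) return NULL;
    return malloc(*size);
}

int main(void)
{
    channel_dims crafted = { 65537u, 65536u, 1u };  /* constructed sample */
    size_t size = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_channel_size(&crafted));
    printf("checked: %d\n", checked_channel_size(&crafted, (size_t)1 << 30, &size));
    return 0;
}
```

With the constructed dimensions the unchecked product is 65536 bytes although the rows describe about 4 GiB of data, which is how a later per-row write can run past a heap buffer.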