Your message dated Wed, 29 Nov 2023 20:34:45 +0000
with message-id <e1r8rgf-003ikc...@fasolo.debian.org>
and subject line Bug#1055984: fixed in gimp 2.10.34-1+deb12u1
has caused the Debian Bug report #1055984,
regarding gimp: CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055984
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gimp
Version: 2.10.34-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for gimp.

CVE-2023-44441[0]:
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability


CVE-2023-44442[1]:
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution
| Vulnerability


CVE-2023-44443[2]:
| GIMP PSP File Parsing Integer Overflow Remote Code Execution
| Vulnerability


CVE-2023-44444[3]:
| GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-44441
    https://www.cve.org/CVERecord?id=CVE-2023-44441
[1] https://security-tracker.debian.org/tracker/CVE-2023-44442
    https://www.cve.org/CVERecord?id=CVE-2023-44442
[2] https://security-tracker.debian.org/tracker/CVE-2023-44443
    https://www.cve.org/CVERecord?id=CVE-2023-44443
[3] https://security-tracker.debian.org/tracker/CVE-2023-44444
    https://www.cve.org/CVERecord?id=CVE-2023-44444

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.34-1+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2023 16:59:10 +0100
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1055984
Changes:
 gimp (2.10.34-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * plug-ins: Fix vulnerabilities in file-psp (CVE-2023-44443, CVE-2023-44444)
     (Closes: #1055984)
   * plug-ins: Fix vulnerability in file-psd (CVE-2023-44442)
     (Closes: #1055984)
   * plug-ins: Fix DDS vulnerability (ZDI-CAN-22093) (CVE-2023-44441)
     (Closes: #1055984)
   * plug-ins: Fix DDS import regression
   * plug-ins: Additional fixes for DDS Import

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
