This bug was fixed in the package gimp - 2.8.22-1
---------------
gimp (2.8.22-1) unstable; urgency=medium
* New upstream release (Closes: #870568, #885382, CVE-2007-3126)
(LP: #1690544)
* Switch maintainer to Debian GNOME Team, with Ari's permission
* Update Vcs fields for migration to https://salsa.debian.org/
* Drop old Breaks/Conflicts/Replaces not needed since Wheezy
* Drop obsolete menu and .xpm files
* Switch from cdbs to dh
* Bump debhelper compat to 11
-- Jeremy Bicha <[email protected]> Wed, 28 Mar 2018 12:21:18 -0400
** Changed in: gimp (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1690544
Title:
include proper fix for CVE-2007-3126, released in GIMP 2.8.22
Status in The Gimp:
Fix Released
Status in gimp package in Ubuntu:
Fix Released
Bug description:
The GIMP developers announced at
https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/ that version 2.8.22
finally includes a proper fix for the ancient ICO file import crash
CVE-2007-3126.
The fix should thus either be back-ported or GIMP bumped to 2.8.22 for
supported Ubuntu versions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gimp/+bug/1690544/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
