Details: https://nvd.nist.gov/vuln/detail/CVE-2023-44443 https://nvd.nist.gov/vuln/detail/CVE-2023-44444
The relevant upstream issues: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 https://gitlab.gnome.org/GNOME/gimp/-/issues/10071 For the backport, upstream has merged the two patches into one, solving both CVEs. That patch is in this change.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../gimp/CVE-2023-44443_CVE-2023-44444.patch | 47 +++++++++++++++++++
 meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb | 1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch
new file mode 100644
index 0000000000..c92aaa24a9
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2023-44443_CVE-2023-44444.patch
@@ -0,0 +1,47 @@
+From 8a8c3fe7cdb498d05d8e61e6b0f36d9a314caa62 Mon Sep 17 00:00:00 2001
+From: Alx Sa <[email protected]>
+Date: Sat, 23 Sep 2023 20:40:18 +0000
+Subject: [PATCH] plug-ins: Fix vulnerabilities in file-psp
+
+Backports commits e1bfd871 and 96f536a3
+from master
+
+CVE: CVE-2023-44443 CVE-2023-44444
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ plug-ins/common/file-psp.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index c0f3480..6a6b93d 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -1128,8 +1128,17 @@ read_color_block (FILE *f,
+ }
+
+ color_palette_entries = GUINT32_FROM_LE (entry_count);
++ /* TODO: GIMP currently only supports a maximum of 256 colors
++ * in an indexed image. If this changes, we can change this check */
++ if (color_palette_entries > 256)
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("Error: Unsupported palette size"));
++ return -1;
++ }
++
+ /* psp color palette entries are stored as RGBA so 4 bytes per entry
+- where the fourth bytes is always zero */
++ * where the fourth bytes is always zero */
+ pal_size = color_palette_entries * 4;
+ color_palette = g_malloc (pal_size);
+ if (fread (color_palette, pal_size, 1, f) < 1)
+@@ -1498,7 +1507,7 @@ read_channel_data (FILE *f,
+ else
+ endq = q + line_width * height;
+
+- buf = g_malloc (127);
++ buf = g_malloc (128);
+ while (q < endq)
+ {
+ fread (&runcount, 1, 1, f);
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
index ff34bfa6fd..07c9fcf666 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.30.bb
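Review bot: In the read_channel_data part of the added patch, `fread (&runcount, 1, 1, f);` right after the resized `buf = g_malloc (128);` still ignores its result, so a truncated file would leave the loop working with whatever runcount held before. The palette read in read_color_block shows the pattern to follow, `if (fread (&runcount, 1, 1, f) < 1)` with the function's existing error return; as this is a backport, that change belongs upstream first. The 128 also deserves a comment saying which run length it bounds, e.g. `/* must hold the longest run the decoder writes into buf */`, presumably 128 bytes, though the code that uses runcount is outside the hunk. read_channel_data starts and ends outside the hunk.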
@@ -50,6 +50,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
 file://CVE-2022-32990-3.patch \
 file://CVE-2023-44441.patch \
 file://CVE-2023-44442.patch \
+ file://CVE-2023-44443_CVE-2023-44444.patch \
 "
 SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
