-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3659-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 21, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : gimp Version : 2.10.8-2+deb10u1 CVE ID : CVE-2022-30067 CVE-2023-44442 CVE-2023-44444 Debian Bug : 1055984 Multiple vulnerabilities were fixed in GIMP, the GNU Image Manipulation Program. CVE-2022-30067 Out-of-memory with crafted XCF file. CVE-2023-44442 PSD file parsing buffer overflow. CVE-2023-44444 PSP file parsing buffer overflow. For Debian 10 buster, these problems have been fixed in version 2.10.8-2+deb10u1. We recommend that you upgrade your gimp packages. For the detailed security status of gimp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gimp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmVcy2IACgkQiNJCh6LY mLHQ8A//W7sJPAeccuOZV7eB7TDmg+fFHX0qjD/VafZHYwu/0PTHR9DMSbvrX/ca HObdHU6uRz9QWYKqPGQfroSuNsrO2qQ1pVqRPAcEK2ISBeVvhad9UHx35sx9hpjQ QaLk4bLjV0BmeVCYL0mm62YbonMY+toBQMcSpP0z3+JpDIt3y6mfFH6WH6tjDrqU 0FpoNCc/GswYzQm4qvH6cZYE65vbfMesDkQXHEVIrt/QioVoGPSZMI3pmNoefL4G W8/sgrPMTNcK69qT73IvLoAItfPd5scYQ6sIn0JRnfcJqODa3FWhJuvTs4GKVhwZ yjmTBabVUJzDZAOJvtEEe8xtsk9Ew8vnDA57YfRSHBWl+9i8FPwD+UD36ntl+C1m LWNJzkyfLe2Kwz6rnLr+ktNDvdeFRyj6nJIfBc0XgbEOsoCRvTcuhMoyWJXwmYCK FLDjQhkApQxidsiWNxzL4Sun/K8Nsasd8IrPCnXXAcjR1YEF2II1yzcTyvZ9+ZFR UM34q2uj9/eOR9jMwsMUF8yk6NOx5n3FXXPFTAGLbIGvHMsjU8QH3iAjy1dlFLrL F/FcUWfz7Hf7nJ0VhWq1M2f0W9WLZs3o2xqdXb3ZaKYOVO7FfDQYTb0/euw9+Rbo o5Hy+Nugy0RV1uwMgWnyumWRncUPiuJQAS8rfsdrxGcr3/4Bvpg= =iWr4 -----END PGP SIGNATURE-----