There are no updated debdiffs to sponsor, unsubscribing ubuntu-security-
sponsors for now. Please resubscribe the group once updated debdiffs
have been attached to this bug. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp
** Changed in: gimp (Ubuntu)
Importance: Undecided => Low
** Changed in: gimp (Ubuntu Bionic)
Importance: Undecided => Low
** Changed in: gimp (Ubuntu Focal)
Importance: Undecided => Low
** Changed in: gimp (Ubuntu Jammy)
Importance: Undecided => Low
--
You received this bug
Sorry for the comment. I have hidden it and I will update my patches and
request sponsorship.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1982422
Title:
Multiple vulnerabilities
> All the CVEs fixed by the attached debdiffs have priority low or negligible.
> Therefore, these updates should not be sponsored until a higher priority issue
> is found in GIMP.
I don't think it is right to try and say these should not be sponsored
until a higher priority issue is found - it is
If there is substantial demand for these CVEs getting fixed, please
comment on this bug or otherwise notify me (for example via email).
** Description changed:
- The version in Bionic is vulnerable to all CVEs listed below.
+ The versions in Bionic, Focal and Jammy is vulnerable to all CVEs
All the CVEs fixed by the attached debdiffs have priority low or
negligible. Therefore, these updates should not be sponsored until a
higher priority issue is found in GIMP.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in
I took a look at the debdiffs in #2, #3, and #8, and here are my
comments:
For Bionic:
- The package doesn't build with the debdiff provided. Please fix and make sure
it builds before submitting it again.
- In CVE-2022-32990-2.patch, you dropped the section that patches
xcf_load_buffer, but in
This bug was fixed in the package gimp - 2.10.32-1
---
gimp (2.10.32-1) unstable; urgency=high
* New upstream release (LP: #1982422)
- Includes crash fixes CVE-2022-30067 and CVE-2022-32990
* debian/control.in: Bump minimum gegl to 0.4.36
* debian/libgimp2.0.symbols: Add
** Also affects: gimp (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: gimp (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: gimp (Ubuntu Bionic)
Importance: Undecided
Status: New
--
You received this bug notification because you
Hi Luis,
as part of the sponsoring/updating process, you have to run tests and
inform us about its results and instructions.
Testing an update is important. At a minimum, be sure to:
1. build in a clean build environment
2. verify the package still installs
3. verify the package upgrades cleanly
I have not done any testing.
** Changed in: gimp (Ubuntu)
Assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) =>
(unassigned)
** Patch removed: "gimp_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+attachment/5605036/+files/gimp_bionic.debdiff
--
** Patch added: "gimp_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+attachment/5605038/+files/gimp_bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
** Patch added: "gimp_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+attachment/5605036/+files/gimp_bionic.debdiff
** Changed in: gimp (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Thanks Luís, we'll have a look at this. What testing have you done with
the resulting packages?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1982422
Title:
Multiple
The attachment "gimp_focal.debdiff" seems to be a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and
** Patch added: "gimp_jammy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+attachment/5604449/+files/gimp_jammy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
** Patch added: "gimp_focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+attachment/5604447/+files/gimp_focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
Patched packages for Focal and Jammy are building in my PPA:
https://launchpad.net/~luis220413/+archive/ubuntu/security-updates.
** Changed in: gimp (Ubuntu)
Status: New => In Progress
** Changed in: gimp (Ubuntu)
Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara
18 matches
Mail list logo