[SECURITY] [DLA 3659-1] gimp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3659-1] gimp security update
From: Adrian Bunk <bunk@debian.org>
Date: Tue, 21 Nov 2023 17:23:21 +0200
Message-id: <ZVzLaTdYuy4Nc/+t@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3659-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 21, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gimp
Version        : 2.10.8-2+deb10u1
CVE ID         : CVE-2022-30067 CVE-2023-44442 CVE-2023-44444
Debian Bug     : 1055984

Multiple vulnerabilities were fixed in GIMP,
the GNU Image Manipulation Program.

CVE-2022-30067

    Out-of-memory with crafted XCF file.

CVE-2023-44442

    PSD file parsing buffer overflow.

CVE-2023-44444

    PSP file parsing buffer overflow.

For Debian 10 buster, these problems have been fixed in version
2.10.8-2+deb10u1.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmVcy2IACgkQiNJCh6LY
mLHQ8A//W7sJPAeccuOZV7eB7TDmg+fFHX0qjD/VafZHYwu/0PTHR9DMSbvrX/ca
HObdHU6uRz9QWYKqPGQfroSuNsrO2qQ1pVqRPAcEK2ISBeVvhad9UHx35sx9hpjQ
QaLk4bLjV0BmeVCYL0mm62YbonMY+toBQMcSpP0z3+JpDIt3y6mfFH6WH6tjDrqU
0FpoNCc/GswYzQm4qvH6cZYE65vbfMesDkQXHEVIrt/QioVoGPSZMI3pmNoefL4G
W8/sgrPMTNcK69qT73IvLoAItfPd5scYQ6sIn0JRnfcJqODa3FWhJuvTs4GKVhwZ
yjmTBabVUJzDZAOJvtEEe8xtsk9Ew8vnDA57YfRSHBWl+9i8FPwD+UD36ntl+C1m
LWNJzkyfLe2Kwz6rnLr+ktNDvdeFRyj6nJIfBc0XgbEOsoCRvTcuhMoyWJXwmYCK
FLDjQhkApQxidsiWNxzL4Sun/K8Nsasd8IrPCnXXAcjR1YEF2II1yzcTyvZ9+ZFR
UM34q2uj9/eOR9jMwsMUF8yk6NOx5n3FXXPFTAGLbIGvHMsjU8QH3iAjy1dlFLrL
F/FcUWfz7Hf7nJ0VhWq1M2f0W9WLZs3o2xqdXb3ZaKYOVO7FfDQYTb0/euw9+Rbo
o5Hy+Nugy0RV1uwMgWnyumWRncUPiuJQAS8rfsdrxGcr3/4Bvpg=
=iWr4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3658-1] wordpress security update
Next by Date: [SECURITY] [DLA 3660-1] gnutls28 security update
Previous by thread: [SECURITY] [DLA 3658-1] wordpress security update
Next by thread: [SECURITY] [DLA 3660-1] gnutls28 security update
Index(es):
- Date
- Thread