Date: Mon, 26 Nov 2012 22:52:26 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Andrés Gómez Ramírez
 <andresgomezram7@...il.com>
Subject: Re: CVE Request: Gimp memory corruption vulnerability


On 11/21/2012 10:19 AM, Andrés Gómez Ramírez wrote:
> Hello, could a CVE be assigned to this issue?
> 
> Name: Gimp memory corruption vulnerability
> Software: GIMP 2.8.2
> Software link: http://www.gimp.org/ <http://plib.sourceforge.net/>
> Vulnerability Type: Memory Corruption
> 
> Description:
> 
> GIMP 2.8.2 is vulnerable to memory corruption when reading XWD
> files, which could lead even to arbitrary code execution.
> 
> Upstream fix:
> http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
> (fixed in master and gimp-2-8)
> 
> References: https://bugzilla.gnome.org/show_bug.cgi?id=687392
> 
> Thanks,
> 
> Andres Gomez.

Apologies for the delay, I had some mail filter issues that I have now
fixed so I won't miss these in future.

Also if there were any other CVE requests that were also CC'ed to
full-disclosure or Bugtraq that I haven't dealt with please ping me
and I'll get to them asap.

Please use CVE-2012-5576 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

