GIMP has a use-after-free bug related to XCF file parsing that allows arbitrary code execution:

https://security-tracker.debian.org/tracker/CVE-2016-4994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

This patch cherry-picks the upstream commit from the gimp-2-8 branch:

https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f

Leo Famulari (1):
  gnu: gimp: Fix CVE-2016-4994.

 gnu/local.mk                                  |  1 +
 gnu/packages/gimp.scm                         |  1 +
 gnu/packages/patches/gimp-CVE-2016-4994.patch | 96 +++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 gnu/packages/patches/gimp-CVE-2016-4994.patch