From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: GIMP: Fix CVE-2016-4994
Date: Sat, 02 Jul 2016 15:19:25 +0200
Message-ID: <878txki3du.fsf@gnu.org>
In-Reply-To: <20160701201942.GA26834@jasmine> (Leo Famulari's message of "Fri, 1 Jul 2016 16:19:42 -0400")
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari writes:

> GIMP has a use-after-free bug related to XCF file parsing that allows
> arbitrary code execution:
> https://security-tracker.debian.org/tracker/CVE-2016-4994
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
>
> This patch cherry-picks the upstream commit from the gimp-2-8 branch:
> https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f

Go for it!

Thank you for taking care of it, as usual!

Ludo’.