[Secure-testing-team] Bug#584069: gimp: Security bugs in ghostscript

Paul Szabo paul.szabo at sydney.edu.au
Tue Jun 1 01:37:16 UTC 2010 

Package: gimp
Version: 2.4.7-1
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gimp depends on:
ii  gimp-data             2.4.7-1            Data files for GIMP
ii  libaa1                1.4p5-37+b1        ascii art library
ii  libart-2.0-2          2.3.20-2           Library of functions for 2D graphi
ii  libatk1.0-0           1.22.0-1           The ATK accessibility toolkit
ii  libc6                 2.7-18lenny2       GNU C Library: Shared libraries
ii  libcairo2             1.6.4-7            The Cairo 2D vector graphics libra
ii  libdbus-1-3           1.2.1-5+lenny1     simple interprocess messaging syst
ii  libdbus-glib-1-2      0.76-1             simple interprocess messaging syst
ii  libexif12             0.6.16-2.1         library to parse EXIF files
ii  libfontconfig1        2.6.0-3            generic font configuration library
ii  libfreetype6          2.3.7-2+lenny1     FreeType 2 font engine, shared lib
ii  libgimp2.0            2.4.7-1            Libraries for the GNU Image Manipu
ii  libglib2.0-0          2.16.6-3           The GLib library of C routines
ii  libgtk2.0-0           2.12.12-1~lenny1   The GTK+ graphical user interface 
ii  libgtkhtml2-0         2.11.1-2           HTML rendering/editing library - r
ii  libhal1               0.5.11-8           Hardware Abstraction Layer - share
ii  libjpeg62             6b-14              The Independent JPEG Group's JPEG 
ii  liblcms1              1.17.dfsg-1+lenny2 Color management library
ii  libmng1               1.0.9-1            Multiple-image Network Graphics li
ii  libpango1.0-0         1.20.5-5+lenny1    Layout and rendering of internatio
ii  libpng12-0            1.2.27-2+lenny3    PNG library - runtime
ii  libpoppler-glib3      0.8.7-3            PDF rendering library (GLib-based 
ii  librsvg2-2            2.22.2-2lenny1     SAX-based renderer library for SVG
ii  libtiff4              3.8.2-11.2         Tag Image File Format (TIFF) libra
ii  libwmf0.2-7           0.2.8.4-6+lenny1   Windows metafile conversion librar
ii  libx11-6              2:1.1.5-2          X11 client-side library
ii  libxext6              2:1.0.4-1          X11 miscellaneous extension librar
ii  libxmu6               2:1.0.4-1          X11 miscellaneous utility library
ii  libxpm4               1:3.5.7-1          X11 pixmap library
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages gimp recommends:
ii  gimp-gnomevfs                 2.4.7-1    GNOME-VFS URI plugin for GIMP
ii  gimp-python                   2.4.7-1    Python support and plugins for GIM

Versions of packages gimp suggests:
ii  ghostscript        8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
pn  gimp-data-extras   <none>                (no description available)
pn  gimp-help-en | gim <none>                (no description available)
ii  libasound2         1.0.16-2              ALSA library
pn  libgimp-perl       <none>                (no description available)

-- no debconf information

More information about the Secure-testing-team mailing list