[Secure-testing-team] Bug#731305: gimp: CVE-2013-1913 CVE-2013-1978
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 4 06:11:11 UTC 2013
Package: gimp
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for gimp. Note I have set
the severity to grave as it potentially allows potentially code
execution.
CVE-2013-1913[0]:
xwd plugin g_new() integer overflow
CVE-2013-1978[1]:
XWD plugin color map heap-based buffer overflow
See the RedHat bugtracker referenced from security-tracker for patches
and background for the issues discovered by Murray McAllister.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-1913
[1] http://security-tracker.debian.org/tracker/CVE-2013-1978
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list