Two security vulnerabilities have been found in the GIMP package for the Fedora 17 operating system. They allow remote attackers to carry out DoS attacks and execute arbitrary code.
Package:
gimp 2.x
Operating systems:
Fedora 17
Severity:
5.9
Problem:
integer overflow, error in a program function, buffer overflow
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12383
2012-08-21 09:30:35
--------------------------------------------------------------------------------
Name : gimp
Product : Fedora 17
Version : 2.8.2
Release : 1.fc17
URL : http://www.gimp.org/
Summary : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.
--------------------------------------------------------------------------------
Update Information:
Among other things this update fixes security and stability issues in various
image format loaders. Security issues fixed include CVE-2012-3403 and
CVE-2012-3481.
Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2
=================================================
Core:
- Make tag matching always case-insensitive
- Let the tile-cache-size default to half the physical memory
GUI:
- Mention that the image was exported in the close warning dialog
- Make sure popup windows appear on top on OSX
- Allow file opening by dropping to the OSX dock
- Fix the visibility logic of the export/overwrite menu items
- Remove all "Use GEGL" menu items, they only add bugs and zero function
- Improve performance of display filters, especially color management
- Fix the image window title to comply with the save/export spec
and use the same image name everywhere, not only in the title
- Fix positioning of pasted/dropped stuff to be more reasonable
Libgimp:
- Move gimpdir and thumbnails to proper locations on OSX
- Implement relocation on OSX
- Allow to use $(gimp_installation_dir) in config files
Plug-ins:
- Fix remembering of JPEG load/save defaults
- Revive the page setup dialog on Windows
Source and build system:
- Add Windows installer infrastructure
- Add infrastructure to build GIMP.app on OSX
General:
- Lots of bug fixes
- List of translation updates
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 24 2012 Nils Philippsen - 2:2.8.2-1
- version 2.8.2
* Mon Aug 20 2012 Nils Philippsen - 2:2.8.0-3
- fix crash in fits loader (#834627)
- fix overflow in CEL plug-in (CVE-2012-3403)
- fix overflow in GIF loader (CVE-2012-3481)
* Thu Jul 19 2012 Fedora Release Engineering - 2:2.8.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jun 25 2012 Nils Philippsen - 2:2.8.0-2
- build with poppler >= 0.20.0 from Fedora 18 on as it is GPLv2/GPLv3
dual-licensed
* Thu May 10 2012 Nils Philippsen - 2:2.8.0-1
- version 2.8.0
* Wed Apr 25 2012 Nils Philippsen
- update BR: librsvg2-devel >= 2.36.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow
when loading external palette files
https://bugzilla.redhat.com/show_bug.cgi?id=839020
[ 2 ] Bug #847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer
overflow by loading certain GIF images
https://bugzilla.redhat.com/show_bug.cgi?id=847303
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gimp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce