[SECURITY] Fedora 20 Update: gimp-2.8.10-4.fc20

updates at fedoraproject.org updates at fedoraproject.org
Sat Dec 14 02:52:35 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-22701
2013-12-05 00:20:22
--------------------------------------------------------------------------------

Name        : gimp
Product     : Fedora 20
Version     : 2.8.10
Release     : 4.fc20
URL         : http://www.gimp.org/
Summary     : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.

--------------------------------------------------------------------------------
Update Information:

This update fixes buffer overflows in the XWD loader.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-4
- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
* Fri Nov 29 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- version 2.8.10
* Tue Nov 26 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- use grep -E instead of egrep
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037720
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gimp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list