gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium
[ Luís Infante da Câmara ]
* SECURITY UPDATE: Buffer overflow leading to insufficient memory or
program crash via a crafted XCF file (LP: #1982422)
- debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
the next property when xcf_old_path fails.
- CVE-2022-30067
* SECURITY UPDATE: Denial of service via a crafted XCF file
(LP: #1982422)
- debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
loading XCF files.
- debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
loading XCF files.
- debian/patches/CVE-2022-32990-3.patch: Return TRUE in
gimp_channel_is_empty when channel is NULL.
- CVE-2022-32990
[ Marc Deslauriers ]
* SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44441-1.patch: verify header information in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-2.patch: fix checks in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-3.patch: add additional fixes in
plug-ins/file-dds/ddsread.c.
- CVE-2023-44441
* SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44442.patch: add missing break statement in
plug-ins/file-psd/psd-util.c.
- CVE-2023-44442
* SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One
- debian/patches/CVE-2023-44443_44444.patch: check
color_palette_entries and fix buffer size in
plug-ins/common/file-psp.c.
- CVE-2023-44443
- CVE-2023-44444
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 28 Nov 2023 07:38:10 -0500
gimp (2.10.30-1build1) jammy; urgency=medium
* No-change rebuild against latest libwebp
-- Jeremy Bicha <jeremy.bicha@canonical.com> Wed, 02 Feb 2022 06:33:11 -0500
gimp (2.10.30-1) unstable; urgency=medium
* New upstream release
* debian/control.in: Bump minimum gegl to 0.4.34
* debian/libgimp2.0.symbols: Add new symbols
-- Jeremy Bicha <jbicha@debian.org> Mon, 27 Dec 2021 22:47:46 -0500
gimp (2.10.28-1) unstable; urgency=medium
* New upstream release
* debian/rules: Clean up a bit
-- Jeremy Bicha <jbicha@debian.org> Sun, 19 Sep 2021 12:56:47 -0400
gimp (2.10.26-1) unstable; urgency=medium
* New upstream release
* Bump minimum gegl to 0.4.32
* Drop two app patches applied in new release
* debian/gimp-data.install: .mo files for tips file are no longer installed
-- Jeremy Bicha <jbicha@debian.org> Thu, 09 Sep 2021 20:02:59 -0400
gimp (2.10.24-2) unstable; urgency=medium
* Include epoch in dependencies on babl & gegl
-- Jeremy Bicha <jbicha@debian.org> Sun, 18 Jul 2021 21:31:03 -0400
gimp (2.10.24-1) unstable; urgency=medium
* New upstream release
* Bump minimum gegl to 0.4.30
-- Jeremy Bicha <jbicha@debian.org> Sun, 18 Jul 2021 15:01:24 -0400
gimp (2.10.22-4) unstable; urgency=medium
* Team upload
[ Laurent Bigonville ]
* Drop debian/shlibs.local, not needed anymore.
This file has the adverse effect of lowering the required version of
libbabl-0.1-0. The library now ships a .symbols file with
Build-Depends-Package, so let dh_shlibs adjust the dependency version
automatically (Closes: #983568)
[ Simon McVittie ]
* d/p/app-Print-2-digit-LittleCMS-minor-versions-correctly.patch:
Print 2-digit lcms minor versions correctly. Related to #900819, #986192.
* d/p/app-Don-t-second-guess-the-dependency-system.patch:
Don't require lcms runtime version >= compile-time version.
If no new symbols referenced by GIMP have been introduced (as is the
case when upgrading from 2.9 to 2.12~rc1), we only need a dependency
on version 2.9. (Closes: #900819, #986192)
* d/p/*_hurd_ftbfs.patch: Add patch metadata
-- Simon McVittie <smcv@debian.org> Sat, 03 Apr 2021 23:21:59 +0100
gimp (2.10.22-3) unstable; urgency=medium
* debian/control.in: Add graphviz to the dependencies.
Some optional functionality of libgegl used in gimp now requires the dot
executable shipped in the graphviz package (Closes: #985317)
* debian/patches/02_hurd_ftbfs.patch: Fix FTBFS on hurd-i386.
Thanks to Svante Signell <svante.signell@gmail.com> (Closes: #934077)
-- Laurent Bigonville <bigon@debian.org> Sat, 20 Mar 2021 12:21:08 +0100
gimp (2.10.22-2) unstable; urgency=medium
* Team upload
* Preferentially build-depend on libgdk-pixbuf-2.0-dev.
We don't need the deprecated Xlib integration that is also pulled in
by the older libgdk-pixbuf2.0-dev package (see #974870).
* Remove hard-coded dependency on libgdk-pixbuf2.0-0.
We can (and do) get a newer versioned dependency from dpkg-shlibdeps.
* Mark libgimp2.0 as Multi-Arch: same
-- Simon McVittie <smcv@debian.org> Tue, 24 Nov 2020 09:25:51 +0000
# For older changelog entries, run 'apt-get changelog libgimp2.0-doc'
Generated by dwww version 1.14 on Sun Jan 26 22:37:07 CET 2025.