From Mageia wiki
MGASA-2012-0286
| Date: | October 6th, 2012 |
| Affected releases: | 2 |
Description:
This gimp update provides the stable maintenance release 2.8.2, and fixes
the following security issue:
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
malformed XTENSION header of a .fit file, as demonstrated using a long
string. (CVE-2012-3236)
Additionally it fixes partial translations in several languages.
Updated Packages:
gimp-2.8.2-1.1.mga2
gimp-python-2.8.2-1.1.mga2
lib(64)gimp2.0_0-2.8.2-1.1.mga2
lib(64)gimp2.0-devel-2.8.2-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
http://git.gnome.org/browse/gimp/plain/NEWS?h=gimp-2-8
https://bugs.mageia.org/show_bug.cgi?id=6403
