-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4077-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 30, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gimp
CVE ID         : CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 
                 CVE-2017-17788 CVE-2017-17789
Debian Bug     : 884836 884837 884862 884925 884927 885347

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service
(application crash) or potentially the execution of arbitrary code if
malformed files are opened.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.8.14-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in
version 2.8.18-1+deb9u1.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlpHxT1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T4Hg/+OjUfR67t4KA3+42uwUcQYC51mLSjXwbVdA98B+wARNfrngsnxtYoQWyb
7TvjJjsqTljsg5aQgM41hNGCiLDsS1W+tR8y5+HlcDw4qVElFgpmMKZFggFwQiR7
8JzbrlxIfRMraC02pxmSvsMh4WtiXJ0CK+kXP7REFcFCPlBNU7ewh1MipkchU+8t
FfpnWv2QzhJQeVklWuChklIc4MDX3RvE82n3ay9f157RbX5tU5Sd081b7OYqntSN
ayAbTkmNnbOFbs/iLG54du3vxUub+r+27oWvAVlhjA7b1hYZcusvCCLIXK5uWSer
SVna6SwK4WL/GDdjD4My18EoySi0BkNtM8xZXyJ6pqHXa1mzZ4bwCNWSDZ/kALl/
nkZdWzMAjezynipRwlbNsQcjJ2GX7hd8UZFbF30dGXgc9A/lPtcIWSYIDAntM1nc
48gXflUMTy3YZptBlTx5bG9jtamhpCeHd3KEwiWw8XXtZanZ57oCWMlEw+UwAc8x
paFEIZ2P+SbtHnc+lQ+3U7ZtJF0CE1cYAqkZIlTNQLw5G383N80Y+OMRfwww08/P
PSbUO6KnKhH5tzBfgiZkY1QG23ij8qR8p6sXpPxbyv784s4rkO/kU+8sUQilMphk
2WmBsOYlMsQ91WKTc7MU9mpQi6Dz8EG1bovrZdYw8HUjnkKO8X8=
=tgMV
-----END PGP SIGNATURE-----