| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_hurd_ftbfs.patch | Define PATH_MAX to fix build on the Hurd. | Svante Signell <svante.signell@telia.com> | yes | 2018-04-01 | ||
| 02_hurd_ftbfs.patch | qbist: Define PATH_MAX on Hurd | Svante Signell <svante.signell@gmail.com> | yes | debian | 2019-08-06 | |
| plug-ins-Fix-vulnerabilities-in-file-psp.patch | plug-ins: Fix vulnerabilities in file-psp Backports commits e1bfd871 and 96f536a3 from master |
Alx Sa <cmyk.student@gmail.com> | no | debian | https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 | 2023-09-23 |
| plug-ins-Fix-vulnerability-in-file-psd.patch | plug-ins: Fix vulnerability in file-psd Resolves #10101. This patch adds a missing break statement after an error condition is detected to prevent the code from continuing afterwards. |
Alx Sa <cmyk.student@gmail.com> | no | debian | https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d | 2023-09-29 |
| plug-ins-Fix-DDS-vulnerability-ZDI-CAN-22093.patch | plug-ins: Fix DDS vulnerability (ZDI-CAN-22093) Resolves #10069 Currently, the DDS header information for the width, height, and bytes per scan line are read in and assumed to be correct. As these values are used for memory allocation and reading, it would be good to verify they do not exceed the file size. This patch adds a condition after the header is read in to verify those values. If they exceed the file size (mins an offset), the file is not read in and an error message is shown. |
Alx Sa <cmyk.student@gmail.com> | no | debian | https://gitlab.gnome.org/GNOME/gimp/-/commit/7db71cd0b6e36c454aa0d2d3efeec7e636db4dbc | 2023-10-01 |
| plug-ins-Fix-DDS-import-regression-from-7db71cd0.patch | plug-ins: Fix DDS import regression from 7db71cd0 @Wormnest pointed out that compressed files are likely smaller than width * height * bps, so our check to prevent ZDI-CAN-22093 also caught valid files. The size check is removed from load_image () and moved to load_layer () before the two fread() functions, as we know exactly how much we'll try to read at that point. (Backport of 8faad92e) |
Alx Sa <cmyk.student@gmail.com> | no | debian | https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703 | 2023-10-27 |
| plug-ins-Additional-fixes-for-DDS-Import.patch | plug-ins: Additional fixes for DDS Import @Wormnest noted remaining regressions after 8faad92e. The second fread() only runs if the DDSD_PITCH flag is set, so the error handling check should also be conditional. Additionally, the ZDI-CAN-22093 exploit no longer runs but still could cause a plug-in crash. This patch adds an additional check to ensure the buffer size was within bounds. |
Alx Sa <cmyk.student@gmail.com> | no | debian | https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe | 2023-10-28 |