Bug 1073627 - (CVE-2017-17789) VUL-1: CVE-2017-17789: gimp: Heap overflow in PSP
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/196890/
CVSSv2:SUSE:CVE-2017-17789:2.1:(AV:L...
Reported: 2017-12-20 09:16 UTC by Alexander Bergmann
Modified: 2020-10-21 09:20 UTC
Description Alexander Bergmann 2017-12-20 09:16:45 UTC
http://seclists.org/oss-sec/2017/q4/427

CVE-2017-17789

Heap overflow in PSP (no patch, doesn't look straightforward to fix)
https://bugzilla.gnome.org/show_bug.cgi?id=790849
Comment 1 Alexander Bergmann 2017-12-20 10:34:24 UTC
Fix not available yet.
Comment 2 Scott Reeves 2018-08-17 22:26:31 UTC
Hi Yifan, can you have your team take this. Thanks.
Comment 4 Wolfgang Frisch 2020-08-19 11:54:25 UTC
References:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17789.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884837

Upstream fix:
https://gitlab.gnome.org/GNOME/gimp/-/commit/28e95fbeb5720e6005a088fa811f5bf3c1af48b8

SUSE:SLE-12-SP2:Update   gimp      Affected [1]
SUSE:SLE-15:Update       gimp      Affected [1]
SUSE:SLE-15-SP2:Update   gimp      Already fixed

[1] Upstream patch applies cleanly.
Comment 7 Jia Zhaocong 2020-09-01 07:36:58 UTC
Fix submitted and request accepted.
Comment 8 Swamp Workflow Management 2020-09-10 19:14:16 UTC
SUSE-SU-2020:2603-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1073627
CVE References: CVE-2017-17789
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    gimp-2.8.18-9.12.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    gimp-2.8.18-9.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-09-10 19:15:59 UTC
SUSE-SU-2020:2604-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1073627
CVE References: CVE-2017-17789
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    gimp-2.8.22-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-09-13 22:14:37 UTC
openSUSE-SU-2020:1420-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1073627
CVE References: CVE-2017-17789
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    gimp-2.8.22-lp151.5.3.1
Comment 11 Jia Zhaocong 2020-09-14 00:59:54 UTC
Forgot to mark as resolved fixed.
Comment 12 Jia Zhaocong 2020-09-14 01:10:03 UTC
(In reply to Jia Zhaocong from comment #11)
> Forgot to mark as resolved fixed.

Reopen for security team workflow.
Comment 13 Marcus Meissner 2020-09-14 12:25:23 UTC
all done, closing