Hi,

we are releasing GIMP 2.8.18 with a number of bug fixes, including
the fix for a vulnerability found in the XCF loading code:

CVE-2016-4994
Use-after-free vulnerability in the xcf_load_image function
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

This is a bugfix release in the stable 2.8 series, no
new features were added.

For a complete list of changes since 2.8.16 please see the "Changes"
section below. Also see the release notes of the 2.8 series at
https://www.gimp.org/release-notes/gimp-2.8.html

Happy GIMPing,
--Michael

Download
========

GIMP 2.8.18 is available from:
https://download.gimp.org/pub/gimp/v2.8/

and from the mirrors listed at:
https://www.gimp.org/downloads/#mirrors

Please use the torrent, it distributes
the download bandwidth across all mirrors:
https://download.gimp.org/pub/gimp/v2.8/gimp-2.8.18.tar.bz2.torrent

The checksum of the tarball is:
5adaa11a68bc8a42bb2c778fee4d389c  gimp-2.8.18.tar.bz2

Overview of Changes from GIMP 2.8.16 to GIMP 2.8.18
===================================================

Core:
- Initialize fontconfig cache in separate thread to keep GUI
  responsive on first startup
- Properly recognize layer masks as deactivated, e.g. for moving layers
- Create $XDG_DATA_HOME if it doesn't exist
- (CVE-2016-4994) Multiple Use-After-Free when parsing XCF channel
  and layer properties
- Fix progress access to prevent crash on rapid sequence of commands
- Fix crash in gimp-gradient-segment-range-move

GUI:
- Disable color picker buttons on OS X to prevent a GUI lockup
- Disable "new-style" full-screen mode on OS X to prevent a crash
- Pulsing progress bar in splash screen to indicate unknown durations
- Fix gamut warning color for lcms display filter
- Fix unbolding of bold font on edit
- Prevent accidental renaming of wrong adjacent item

Installer:
- Change compression settings to decrease size by 20%
- Add Catalan, Danish, French, Dutch

Plug-ins:
- Fix crash on sRGB JPEG image drag & drop
- Fix ambiguous octal-escaped output of c-source
- Fix KISS CEL export
- Fix progress bar for file-compressor
- Make Script-Fu regex match return proper character indexes for
  Unicode characters
- Fix Script-Fu modulo for large numbers

General:
- Documentation updates
- Bug fixes
- Translation updates

Contributors
============

Adrian Likins, Ell, Jehan, Jernej Simončič, João S. O. Bueno,
Kristian Rietveld, Massimo Valentini, Michael Natterer, Michael
Schumacher, Pedro Gimeno, Shmuel H, Simon Budig, Sven Claussner,
Thomas Manni

Translators
===========

Alexandre Prokoudine, Anders Jonsson, Ask Hjorth Larsen, Balázs Úr,
Baurzhan Muftakhidinov, Christian Kirbach, Cédric Valmary, Dimitris
Spingos, Dimitris Spingos (Δημήτρης Σπίγγος), Dušan Kazik, Gábor
Kelemen, Marco Ciampa, Mario Blättermann, Martin Srebotnjak, Piotr
Drąg, Rafael Fontenelle, Sveinn í Felli, Tiago Santos, Милош Поповић,

Regards,
Michael

GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD