Windows version of Gimp 2.8.22 is shipped with Python 2.7.10 that has a critical security vulnerability.
Submitted by Ingo
Link to original bug (#792108)
Description
The Windows packages of Gimp 2.8.22 stable are shipped with a Python version <= 2.7.13 that is vulnerable to a critical security vulnerability.
Here is the CERT CVE-2017-1000158 report about the vulnerability of Python <= 2.7.13: https://nvd.nist.gov/vuln/detail/CVE-2017-1000158
The vulnerability is fixed in Python 2.7.14.
Changelog of Python 2.7.14 where it is stated: "bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape." https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS
I highly recommend creating a new Windows package of Gimp 2.8.22 shipping with a new version of Python >= 2.7.14.
I also recommend that the developers subscribe to one of the CERT mailing lists. That way you will always be informed about new security vulnerabilities related to Python. Some of the CERT mailing lists also allow filtering the CERT reports by application name.
Version: gimp-2-8