Hello community, here is the log from the commit of package gimp for openSUSE:Factory checked in at 2026-02-13 12:40:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gimp (Old) and /work/SRC/openSUSE:Factory/.gimp.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gimp" Fri Feb 13 12:40:12 2026 rev:164 rq:1332566 version:3.0.8 Changes: -------- --- /work/SRC/openSUSE:Factory/gimp/gimp.changes 2026-01-28 15:05:47.758626837 +0100 +++ /work/SRC/openSUSE:Factory/.gimp.new.1977/gimp.changes 2026-02-13 12:40:24.518373926 +0100 @@ -1,0 +2,6 @@ +Wed Feb 11 15:32:17 UTC 2026 - Michael Gorse <[email protected]> + +- Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in + psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812). + +------------------------------------------------------------------- New: ---- gimp-CVE-2026-2239.patch ----------(New B)---------- New: - Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gimp.spec ++++++ --- /var/tmp/diff_new_pack.duq20m/_old 2026-02-13 12:40:26.946475580 +0100 +++ /var/tmp/diff_new_pack.duq20m/_new 2026-02-13 12:40:26.950475747 +0100 @@ -100,6 +100,8 @@ Patch1: gimp-2.99.19-cm-system-monitor-profile-by-default.patch Patch2: gimp-2.99.19-external-help-browser.patch Patch3: gimp-2.99.19-no-phone-home-default.patch +# PATCH-FIX-UPSTREAM gimp-2026-2239.patch bsc#1257959 [email protected] -- fix heap buffer overflow in psd-util.c. +Patch4: gimp-CVE-2026-2239.patch %if %{with debug_in_build_gimp} BuildRequires: gdb %endif ++++++ gimp-CVE-2026-2239.patch ++++++ >From 8cf2772f5631719ae0e4e701bd7ef793b1f59cfa Mon Sep 17 00:00:00 2001 
From: Jacob Boerema <[email protected]> Date: Fri, 6 Feb 2026 15:56:07 -0500 Subject: [PATCH] plug-ins: fix #15812 PSD loader: heap-buffer-overflow ... in fread_pascal_string In plug-ins/file-psd/psd-util.c, the function fread_pascal_string() allocates a buffer with g_malloc(len) and reads len bytes from the file into it. The buffer is not null-terminated, but is assumed to be in later code. This causes it to read past the end of its allocated region with a specially crafted PSD, causing a heap-buffer-overflow. Fix this by allocating one more byte than its length and set that to '\0'. --- plug-ins/file-psd/psd-util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c index e0cca2b4db..734155c57a 100644 --- a/plug-ins/file-psd/psd-util.c +++ b/plug-ins/file-psd/psd-util.c @@ -274,7 +274,8 @@ fread_pascal_string (gint32 *bytes_read, return NULL; } - str = g_malloc (len); + str = g_malloc (len + 1); + str[len] = '\0'; if (psd_read (input, str, len, error) < len) { psd_set_error (error); -- 2.53.0
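Review bot: in the gimp.spec hunk, the PATCH-FIX-UPSTREAM comment names the file as `gimp-2026-2239.patch`, while the `Patch4:` line directly below it (and the gimp.changes entry) use `gimp-CVE-2026-2239.patch`. The comment should carry the same file name as the Patch4 tag so that the annotation and the source entry can be matched by tooling and by readers. The comment also gives only bsc#1257959, whereas the changes entry additionally lists CVE-2026-2239 and glgo#GNOME/gimp#15812; repeating those references in the spec comment would keep the two in step.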
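Review bot: in the psd-util.c hunk, the two added lines `str = g_malloc (len + 1);` and `str[len] = '\0';` have no comment explaining why the buffer is one byte larger than the `len` bytes passed to `psd_read`, so the reason (later code treats the result as a C string) exists only in the commit message. A short comment at the allocation would stop a later cleanup from shrinking it back to `len`. Two further things are worth confirming outside the visible lines: the terminator only bounds reads at `len`, so if the file data contains an embedded NUL the string is shorter than `len` and callers should not assume the two are equal; and the declared type of `len` is not shown here, so it should be checked that `len + 1` cannot wrap for the largest length the format allows.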
