Control: tags 1126267 + patch
Control: tags 1126267 + pending

Dear maintainer,

I've prepared an NMU for gimp (versioned as 3.2.0~RC2-3.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it.

Regards,
Salvatore

diffstat for gimp-3.2.0~RC2 gimp-3.2.0~RC2 changelog | 8 + patches/plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch | 41 ++++++++++ patches/series | 1 3 files changed, 50 insertions(+) diff -Nru gimp-3.2.0~RC2/debian/changelog gimp-3.2.0~RC2/debian/changelog --- gimp-3.2.0~RC2/debian/changelog 2026-01-08 15:53:39.000000000 +0100 +++ gimp-3.2.0~RC2/debian/changelog 2026-01-31 13:53:39.000000000 +0100 @@ -1,3 +1,11 @@ +gimp (3.2.0~RC2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp + (CVE-2025-15059) (Closes: #1126267) + + -- Salvatore Bonaccorso <[email protected]> Sat, 31 Jan 2026 13:53:39 +0100 + gimp (3.2.0~RC2-3) unstable; urgency=medium * Move Maintainer from Debian GNOME to Debian GNOME Extras diff -Nru gimp-3.2.0~RC2/debian/patches/plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch gimp-3.2.0~RC2/debian/patches/plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch --- gimp-3.2.0~RC2/debian/patches/plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch 1970-01-01 01:00:00.000000000 +0100 +++ gimp-3.2.0~RC2/debian/patches/plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch 2026-01-31 13:50:45.000000000 +0100 
@@ -0,0 +1,41 @@ +From: Jacob Boerema <[email protected]> +Date: Sat, 20 Dec 2025 10:10:48 -0500 +Subject: plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp +Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e +Bug: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284 +Bug-Debian: https://bugs.debian.org/1126267 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-15059 + +We were not checking whether channel types were valid for grayscale +images. Using a blue color channel caused an invalid computation of +the offset which could cause us to access an invalid memory location. + +Now we separate RGB from non-RGB images when checking which channels +are valid, and if not return with an error. +--- + plug-ins/common/file-psp.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index f00251c57326..3f6970561fff 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -2171,11 +2171,12 @@ read_layer_block (FILE *f, + } + else + { +- if (channel_type > PSP_CHANNEL_BLUE) ++ if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) || ++ (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED)) + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, +- _("Invalid channel type %d in channel information chunk"), +- channel_type); ++ _("Invalid channel type %d in channel information chunk"), ++ channel_type); + return NULL; + } + +-- +2.51.0 + diff -Nru gimp-3.2.0~RC2/debian/patches/series gimp-3.2.0~RC2/debian/patches/series --- gimp-3.2.0~RC2/debian/patches/series 2026-01-08 15:53:39.000000000 +0100 +++ gimp-3.2.0~RC2/debian/patches/series 2026-01-31 13:50:51.000000000 +0100 @@ -1 +1,2 @@ devel-docs-Use-API-version-not-app-version-for-install-lo.patch +plug-ins-fix-15284-ZDI-CAN-28232-vulnerability-in-fi.patch
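
Review bot: the non-RGB test added in the read_layer_block hunk of plug-ins/common/file-psp.c, `ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED`, relies on the channel-type enum ordering so that every colour channel compares at or above PSP_CHANNEL_RED, and that ordering is not visible in the hunk. A short comment above the condition stating which channel types are accepted for RGB images and which for non-RGB images would make the intent checkable against the enum definition. Both rejection cases also share the single message "Invalid channel type %d in channel information chunk"; including the image base type in it would let a user tell a grayscale file carrying a colour channel apart from an out-of-range value. The re-indentation of the two g_set_error continuation lines is a whitespace-only change mixed into the security fix; it is worth confirming that it is intentional.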

