Your message dated Fri, 03 Oct 2025 17:19:20 +0000
with message-id <[email protected]>
and subject line Bug#1116470: fixed in gegl 1:0.4.62-3.1
has caused the Debian Bug report #1116470,
regarding gegl: CVE-2025-10921
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1116470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gegl
Version: 1:0.4.62-2
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gegl.
CVE-2025-10921[0]:
| GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability
I'm not sure on the exploitability, making it RC to be on the safe side.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10921
https://www.cve.org/CVERecord?id=CVE-2025-10921
[1] https://gitlab.gnome.org/GNOME/gegl/-/issues/430
[2] https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gegl
Source-Version: 1:0.4.62-3.1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gegl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gegl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Oct 2025 17:37:16 +0200
Source: gegl
Architecture: source
Version: 1:0.4.62-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1116470
Changes:
gegl (1:0.4.62-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* ZDI-CAN-27803: GIMP HDR File Parsing Heap-based Buffer Overflow Remote
Code Execution Vulnerability (CVE-2025-10921) (Closes: #1116470)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---