Your message dated Mon, 13 Oct 2025 18:20:05 +0000
with message-id <[email protected]>
and subject line Bug#1116470: fixed in gegl 1:0.4.62-2+deb13u1
has caused the Debian Bug report #1116470,
regarding gegl: CVE-2025-10921
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1116470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gegl
Version: 1:0.4.62-2
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gegl.

CVE-2025-10921[0]:
| GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability

I'm not sure about the exploitability, making it RC to be on the safe side.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-10921
    https://www.cve.org/CVERecord?id=CVE-2025-10921
[1] https://gitlab.gnome.org/GNOME/gegl/-/issues/430
[2] https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gegl
Source-Version: 1:0.4.62-2+deb13u1
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gegl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gegl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Sep 2025 23:42:17 +0200
Source: gegl
Architecture: source
Version: 1:0.4.62-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1116470
Changes:
 gegl (1:0.4.62-2+deb13u1) trixie-security; urgency=medium
 .
   * CVE-2025-10921 (Closes: #1116470)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
