Your message dated Mon, 13 Oct 2025 18:20:23 +0000
with message-id <[email protected]>
and subject line Bug#1116461: fixed in gimp 3.0.4-3+deb13u1
has caused the Debian Bug report #1116461,
regarding gimp: CVE-2025-10924
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1116461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116461
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gimp.

CVE-2025-10924[0]:
| ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code
| Execution Vulnerability


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-10924
    https://www.cve.org/CVERecord?id=CVE-2025-10924
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
[2] https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.0.4-3+deb13u1
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Sep 2025 17:03:28 +0200
Source: gimp
Architecture: source
Version: 3.0.4-3+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1116458 1116459 1116460 1116461
Changes:
 gimp (3.0.4-3+deb13u1) trixie-security; urgency=medium
 .
   * CVE-2025-10924 (Closes: #1116461)
   * CVE-2025-10923 (Closes: #1116460)
   * CVE-2025-10922 (Closes: #1116459)
   * CVE-2025-10920 (Closes: #1116458)



--- End Message ---
