Your message dated Sun, 19 Oct 2025 13:21:42 +0000
with message-id <[email protected]>
and subject line Bug#1116470: fixed in gegl 1:0.4.42-2+deb12u1
has caused the Debian Bug report #1116470,
regarding gegl: CVE-2025-10921
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1116470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gegl
Version: 1:0.4.62-2
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gegl.

CVE-2025-10921[0]:
| GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability

I'm not sure about the exploitability, making it RC to be on the safe side.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-10921
    https://www.cve.org/CVERecord?id=CVE-2025-10921
[1] https://gitlab.gnome.org/GNOME/gegl/-/issues/430
[2] https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gegl
Source-Version: 1:0.4.42-2+deb12u1
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gegl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gegl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Sep 2025 16:50:01 +0200
Source: gegl
Architecture: source
Version: 1:0.4.42-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1116470
Changes:
 gegl (1:0.4.42-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2025-10921 (Closes: #1116470)


--- End Message ---
