Your message dated Sat, 01 Nov 2025 18:48:49 +0000
with message-id <[email protected]>
and subject line Bug#1116459: fixed in gimp 2.10.34-1+deb12u4
has caused the Debian Bug report #1116459,
regarding gimp: CVE-2025-10922
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1116459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-3
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gimp.
CVE-2025-10922[0]:
| ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote
| Code Execution Vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10922
https://www.cve.org/CVERecord?id=CVE-2025-10922
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
[2] https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.34-1+deb12u4
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Oct 2025 18:17:22 +0200
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1116459
Changes:
gimp (2.10.34-1+deb12u4) bookworm-security; urgency=medium
.
* CVE-2025-10922 (Closes: #1116459)
* CVE-2025-6035
* CVE-2025-2760 32bit followup
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---