Your message dated Sat, 01 Nov 2025 23:11:51 +0000
with message-id <[email protected]>
and subject line Bug#1119661: fixed in gimp 3.0.4-6.2
has caused the Debian Bug report #1119661,
regarding gimp: CVE-2025-10934
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-6.1
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.0.4-3

Hi,

The following vulnerability was published for gimp.

CVE-2025-10934[0]:
| GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file.  The
| specific flaw exists within the parsing of XWD files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-27823.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-10934
    https://www.cve.org/CVERecord?id=CVE-2025-10934
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
[2] https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
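The CVE text above attributes the flaw to copying user-supplied data into a heap buffer without validating its length. As an added example (not GIMP's code and not the upstream fix linked in [2]), the following C shows that validation applied to the XWD header: xwd_parse_header and xwd_check_sample are assumed names, XWD_MAX_NAME is a constructed limit, and since this page does not say which XWD field GIMP mishandled, the window-name and colormap lengths are used only to illustrate the check.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define XWD_FIXED_HEADER 100  /* 25 big-endian 32-bit fields; window name follows */
#define XWD_COLOR_SIZE   12   /* one XWDColor entry in the colormap */
#define XWD_MAX_NAME     4096 /* constructed sanity limit on the window name */

struct xwd_info { uint32_t header_size, ncolors; char *window_name; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Returns 0 and a heap copy of the window name on success, -1 if any length
 * field is truncated or inconsistent with the bytes actually present. */
int xwd_parse_header(const uint8_t *buf, size_t len, struct xwd_info *info)
{
    if (len < XWD_FIXED_HEADER) return -1;               /* file too short */
    uint32_t header_size = be32(buf + 0);               /* field 0 */
    uint32_t ncolors     = be32(buf + 76);              /* field 19 */
    /* header_size must cover the fixed part and must not exceed the file */
    if (header_size < XWD_FIXED_HEADER || header_size > len) return -1;
    size_t name_len = header_size - XWD_FIXED_HEADER;
    if (name_len > XWD_MAX_NAME) return -1;
    /* colormap entries must fit after the header; divide to avoid overflow */
    if (ncolors > (len - header_size) / XWD_COLOR_SIZE) return -1;
    char *name = malloc(name_len + 1);
    if (!name) return -1;
    memcpy(name, buf + XWD_FIXED_HEADER, name_len);     /* bounded by the checks above */
    name[name_len] = '\0';
    info->header_size = header_size; info->ncolors = ncolors; info->window_name = name;
    return 0;
}

/* Constructed sample: a buf_len-byte zeroed file with only the two length
 * fields set; returns the parser's verdict so the checks can be exercised. */
int xwd_check_sample(uint32_t header_size, uint32_t ncolors, size_t buf_len)
{
    if (buf_len < XWD_FIXED_HEADER) return -1;
    uint8_t *buf = calloc(buf_len, 1);
    if (!buf) return -1;
    put32(buf, header_size);
    put32(buf + 76, ncolors);
    struct xwd_info info = {0};
    int rc = xwd_parse_header(buf, buf_len, &info);
    free(info.window_name);
    free(buf);
    return rc;
}
```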
--- Begin Message ---
Source: gimp
Source-Version: 3.0.4-6.2
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Oct 2025 21:13:18 +0100
Source: gimp
Architecture: source
Version: 3.0.4-6.2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1119661
Changes:
 gimp (3.0.4-6.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * plug-ins: fix ZDI-CAN-27823 (CVE-2025-10934) (Closes: #1119661)



--- End Message ---
