Your message dated Wed, 05 Nov 2025 21:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1119661: fixed in gimp 3.0.4-3+deb13u2
has caused the Debian Bug report #1119661,
regarding gimp: CVE-2025-10934
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-6.1
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.0.4-3

Hi,

The following vulnerability was published for gimp.

CVE-2025-10934[0]:
| GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file.  The
| specific flaw exists within the parsing of XWD files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-27823.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-10934
    https://www.cve.org/CVERecord?id=CVE-2025-10934
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
[2] https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.0.4-3+deb13u2
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 31 Oct 2025 00:02:54 +0100
Source: gimp
Architecture: source
Version: 3.0.4-3+deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1119661
Changes:
 gimp (3.0.4-3+deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-10934 (Closes: #1119661)


--- End Message ---