Your message dated Fri, 14 Nov 2025 16:02:50 +0000
with message-id <[email protected]>
and subject line Bug#1119661: fixed in gimp 2.10.34-1+deb12u5
has caused the Debian Bug report #1119661,
regarding gimp: CVE-2025-10934
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-6.1
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.0.4-3
Hi,
The following vulnerability was published for gimp.
CVE-2025-10934[0]:
| GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file. The
| specific flaw exists within the parsing of XWD files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-27823.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10934
https://www.cve.org/CVERecord?id=CVE-2025-10934
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
[2] https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.34-1+deb12u5
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 Oct 2025 00:20:11 +0100
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u5
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1119661
Changes:
gimp (2.10.34-1+deb12u5) bookworm-security; urgency=medium
.
* CVE-2025-10934 (Closes: #1119661)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---