Your message dated Sat, 31 Jan 2026 15:20:57 +0000
with message-id <[email protected]>
and subject line Bug#1126267: fixed in gimp 3.2.0~RC2-3.1
has caused the Debian Bug report #1126267,
regarding gimp: CVE-2025-15059
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.2.0~RC2-3
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gimp.
CVE-2025-15059[0]:
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file. The
| specific flaw exists within the parsing of PSP files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-28232.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-15059
https://www.cve.org/CVERecord?id=CVE-2025-15059
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.2.0~RC2-3.1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Jan 2026 13:53:39 +0100
Source: gimp
Architecture: source
Version: 3.2.0~RC2-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Extras Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1126267
Changes:
gimp (3.2.0~RC2-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp
(CVE-2025-15059) (Closes: #1126267)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---