Your message dated Mon, 29 Sep 2025 20:36:52 +0000
with message-id <[email protected]>
and subject line Bug#1116461: fixed in gimp 3.0.4-6.1
has caused the Debian Bug report #1116461,
regarding gimp: CVE-2025-10924
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1116461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116461
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.0.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gimp.
CVE-2025-10924[0]:
| ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code
| Execution Vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10924
https://www.cve.org/CVERecord?id=CVE-2025-10924
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
[2] https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.0.4-6.1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Sep 2025 20:57:32 +0200
Source: gimp
Architecture: source
Version: 3.0.4-6.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1116458 1116459 1116460 1116461
Changes:
gimp (3.0.4-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* plug-ins: Fix ZDI-CAN-27684 (CVE-2025-10920) (Closes: #1116458)
* plug-ins: fix dicom plug-in ZDI-CAN-27863 (CVE-2025-10922)
(Closes: #1116459)
* plug-ins: fix ZDI-CAN-27878 (CVE-2025-10923) (Closes: #1116460)
* plug-ins: Fix ZDI-CAN-27836 (CVE-2025-10924) (Closes: #1116461)
--- End Message ---