diffstat for gimp-3.0.4 gimp-3.0.4

 changelog                                |    7 ++++
 patches/plug-ins-fix-ZDI-CAN-27823.patch |   50 +++++++++++++++++++++++++++++++
 patches/series                           |    1 
 3 files changed, 58 insertions(+)

diff -Nru gimp-3.0.4/debian/changelog gimp-3.0.4/debian/changelog
--- gimp-3.0.4/debian/changelog	2025-09-29 20:57:32.000000000 +0200
+++ gimp-3.0.4/debian/changelog	2025-10-30 21:13:18.000000000 +0100
@@ -1,3 +1,10 @@
+gimp (3.0.4-6.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * plug-ins: fix ZDI-CAN-27823 (CVE-2025-10934) (Closes: #1119661)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 30 Oct 2025 21:13:18 +0100
+
 gimp (3.0.4-6.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch
--- gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch	1970-01-01 01:00:00.000000000 +0100
+++ gimp-3.0.4/debian/patches/plug-ins-fix-ZDI-CAN-27823.patch	2025-10-30 21:12:37.000000000 +0100
@@ -0,0 +1,50 @@
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Wed, 3 Sep 2025 18:37:26 -0400
+Subject: plug-ins: fix ZDI-CAN-27823
+Origin: https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c
+Bug: https://gitlab.gnome.org/GNOME/gimp/-/issues/14814
+Bug-Debian: https://bugs.debian.org/1119661
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-10934
+
+GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution
+Vulnerability.
+
+Check offset in colormap is valid before writing to it.
+
+Closes #14814
+
+(cherry picked from commit 4eb106f2bff2d9b8e518aa455a884c6f38d70c6a)
+---
+ plug-ins/common/file-xwd.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
+index 8d013397be69..c4c41e5bea7e 100644
+--- a/plug-ins/common/file-xwd.c
++++ b/plug-ins/common/file-xwd.c
+@@ -1683,9 +1683,20 @@ load_xwd_f2_d16_b16 (GFile           *file,
+           greenval = (green * 255) / maxgreen;
+           for (blue = 0; blue <= maxblue; blue++)
+             {
++              guint32 offset = ((red << redshift) + (green << greenshift) +
++                                (blue << blueshift)) * 3;
++
++              if (offset+2 >= maxval)
++                {
++                  g_set_error (error, GIMP_PLUG_IN_ERROR, 0,
++                               _("Invalid colormap offset. Possibly corrupt image."));
++                  g_free (data);
++                  g_free (ColorMap);
++                  g_object_unref (buffer);
++                  return NULL;
++                }
+               blueval = (blue * 255) / maxblue;
+-              cm = ColorMap + ((red << redshift) + (green << greenshift)
+-                               + (blue << blueshift)) * 3;
++              cm = ColorMap + offset;
+               *(cm++) = redval;
+               *(cm++) = greenval;
+               *cm = blueval;
+-- 
+2.51.0
+
diff -Nru gimp-3.0.4/debian/patches/series gimp-3.0.4/debian/patches/series
--- gimp-3.0.4/debian/patches/series	2025-09-29 20:56:26.000000000 +0200
+++ gimp-3.0.4/debian/patches/series	2025-10-30 21:12:43.000000000 +0100
@@ -4,3 +4,4 @@
 plug-ins-fix-dicom-plug-in-ZDI-CAN-27863.patch
 plug-ins-fix-ZDI-CAN-27878.patch
 plug-ins-Fix-ZDI-CAN-27836.patch
+plug-ins-fix-ZDI-CAN-27823.patch