[Git][security-tracker-team/security-tracker][master] Convert CVE-2025-8672 to NFU

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad25931a by Salvatore Bonaccorso at 2025-08-13T08:57:48+02:00
Convert CVE-2025-8672 to NFU

The issue is not directly associated to src:gimp and packages for MacOS
are as well external projects to Gimp itself.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -730,7 +730,9 @@ CVE-2025-8837 (A vulnerability was identified in JasPer up to 4.2.5. This affect
 	NOTE: https://github.com/jasper-software/jasper/issues/402
 	NOTE: https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a
 CVE-2025-8672 (MacOS version of GIMP bundles a Python interpreter that inherits the T ...)
-	- gimp <not-affected> (MacOS-specific)
+	NOT-FOR-US: gimp-macos-build
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13848
+	NOTE: https://gitlab.gnome.org/Infrastructure/gimp-macos-build/-/merge_requests/389
 CVE-2025-8285 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
 	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-7679 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad25931ad72eb033896488baaf7a718b31779ac2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad25931ad72eb033896488baaf7a718b31779ac2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250813/d2dff6a2/attachment-0001.htm>