[Git][security-tracker-team/security-tracker][master] Revert "one gimp issue n/a for all released suites"

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 25 06:08:45 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c03afdbe by Salvatore Bonaccorso at 2025-12-25T07:05:34+01:00
Revert "one gimp issue n/a for all released suites"

This reverts commit fbe0e0b8e47872cf251c341b412ad0488af9f92b.

As per https://gitlab.gnome.org/GNOME/gimp/-/issues/15285 in the report
the file file-jp2.c is renamed in the 19c57a9765ac ("plug-ins: Add
support for JPEG 2000 export") upstream commit.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1865,13 +1865,9 @@ CVE-2025-14488 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Pr
 	NOT-FOR-US: RealDefense
 CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
 	- gimp 3.2.0~RC2-1
-	[trixie] - gimp <not-affected> (Vulnerable code not present)
-	[bookworm] - gimp <not-affected> (Vulnerable code not present)
-	[bullseye] - gimp <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1139/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15285
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd (GIMP_3_2_0_RC1)
-	NOTE: Introduced in: https://gitlab.gnome.org/GNOME/gimp/-/commit/19c57a9765ac3451c9cde94ccb06bec5ae06fbd8 (GIMP_3_1_2)
 CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerabili ...)
 	- gimp 3.2.0~RC2-1
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1138/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c03afdbe4186101d78c489bd81421980016c8206

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c03afdbe4186101d78c489bd81421980016c8206
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251225/87c10680/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list