[Git][security-tracker-team/security-tracker][master] update gimp references

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a66dd12 by Moritz Muehlenhoff at 2025-06-03T20:19:07+02:00
update gimp references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1432,10 +1432,13 @@ CVE-2025-5222 (A stack buffer overflow was found in Internationl components for
 	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2c667e31cfd0b6bb1923627a932fd3453a5bac77 (release-77-rc)
 CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function is vulner ...)
 	- gimp 3.0.0~RC1-4
+	[bookworm] - gimp <not-affected> (Vulnerable code not present)
+	[bullseye] - gimp <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368559
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/9257
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/879
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0dc98936a0d9f5a70025f4e9cf321d1118ea500e (GIMP_2_99_16)
+	NOTE: Introduced in: https://gitlab.gnome.org/GNOME/gimp/-/commit/aa51b9e19ece8a8c54a513fe33b6d65abcb0fbfb (GIMP_2_99_12)
 CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image files. If a ...)
 	- gimp 3.0.0~RC1-4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368558
@@ -1444,6 +1447,10 @@ CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image files
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/723d383e57e8f599c4a44ab8541ea6902e29579e (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/2ba35e5b3d43d881b0623f47b8068d9ee19d1d70 (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/1f062867172d5c68b858a6efa3011686aa32bb38 (GIMP_3_0_0_RC1)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/8d309dd0385fdd298520b69148542375f56ef977 (gimp-2-10)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/97f8c2e468cffce70c6772e74cbff8eda4e8c180 (gimp-2-10)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/d7f0829ae995ca7ca9c64851a1ed03b11702ef1c (gimp-2-10)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ffb7cad1a402377927bc2dc62dad324ae03cec92 (gimp-2-10)
 CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a user op ...)
 	- gimp 3.0.0~RC1-4
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368557
@@ -1451,6 +1458,8 @@ CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a u
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266 (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2 (GIMP_3_0_0_RC2)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ebf0b569a63f15b5dc7532f16936104af1e09f02 (gimp-2-10)
+	NOTE: "xcf-load: avoid use-after-free for layers with multiple PROP_ACTIVE_LAYER" not needed in 2.10, which only supports one layer
 CVE-2025-5198 (A flaw was found in Stackrox, where it is vulnerable to Cross-site scr ...)
 	NOT-FOR-US: Stackrox
 CVE-2025-5203 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a66dd1261bd7c2dce146b6917de74a014054963

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a66dd1261bd7c2dce146b6917de74a014054963
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250603/3cd6f74b/attachment.htm>