[Git][security-tracker-team/security-tracker][master] Reserve DLA-4342-1 for gimp
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Wed Oct 22 13:57:14 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99c4d396 by Sylvain Beucler at 2025-10-22T14:52:53+02:00
Reserve DLA-4342-1 for gimp
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Oct 2025] DLA-4342-1 gimp - security update
+ {CVE-2025-2760 CVE-2025-2761 CVE-2025-5473 CVE-2025-6035 CVE-2025-10922 CVE-2025-48797 CVE-2025-48798}
+ [bullseye] - gimp 2.10.22-4+deb11u3
[22 Oct 2025] DLA-4341-1 gegl - security update
{CVE-2021-45463 CVE-2025-10921}
[bullseye] - gegl 1:0.4.26-2+deb11u1
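Review bot: The seven ids on the added CVE line should be checked against the changelog of gimp 2.10.22-4+deb11u3 before the advisory text is sent. The dla-needed.txt notes removed in this same commit name only CVE-2025-2760 by number and refer to the rest as "reported new CVEs" and "the other ones", so nothing visible here ties each id to a fix in the upload. A mismatch in either direction would leave the DLA cross-references wrong for bullseye.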
=====================================
data/dla-needed.txt
=====================================
@@ -112,18 +112,6 @@ gdk-pixbuf
NOTE: 20250924: into trixie. Will ping smvc to see if we can move forward. If
NOTE: 20250924: so, I'll claim it. (charles)
--
-gimp (Sylvain Beucler)
- NOTE: 20250410: Added by Front-Desk (Beuc)
- NOTE: 20250410: CVE-2025-2760 may need a custom patch as upstream now focuses on gimp3,
- NOTE: 20250410: doesn't plan a gimp2 fix, and gimp3 is not affected (rewritten).
- NOTE: 20250509: Fix suggestion: (Beuc/front-desk)
- NOTE: 20250509: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2328950
- NOTE: 20250616: In discussion with upstream regarding CVE-2025-2760 (bunk)
- NOTE: 20251002: Wrote a fix for CVE-2025-2760, reported new CVEs, backporting the other ones (Beuc)
- NOTE: 20251002: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2558909
- NOTE: 20251012: Backporting and testing more fixes for 2.10 (Beuc)
- NOTE: 20251012: https://lts-team.pages.debian.net/wiki/TestSuites/gimp.html
---
golang-github-gorilla-csrf
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250422: Need to binNMU reverse depends (in that order): golang-github-alecthomas-chroma, golang-github-niklasfasching-go-org, golang-github-yuin-goldmark-highlighting, hugo (rouca)
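Review bot: The removed gimp block is the only place in this commit that records why CVE-2025-2760 needed a custom patch (upstream "doesn't plan a gimp2 fix") and where the fix discussion and test notes live. After this removal that context survives only in git history. If it is not already recorded there, consider carrying the two gitlab.gnome.org issue links and the TestSuites/gimp.html link into the CVE-2025-2760 notes in data/CVE/list, so that someone reading DLA-4342-1 later can find them.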
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99c4d396a4ca37425efe70c413029d7b03445b1a