[Git][security-tracker-team/security-tracker][master] gimp DSA

Tue Oct 28 19:27:42 GMT 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c34c30e3 by Moritz Mühlenhoff at 2025-10-28T20:27:02+01:00
gimp DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45791,7 +45791,6 @@ CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when a
 CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability exists in  ...)
 	{DLA-4342-1}
 	- gimp 3.0.4-2
-	[bookworm] - gimp <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13518
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/548bc3a46d54711d974aae9ce1bce291376c0436 (GIMP_3_0_4)
 CVE-2025-6030 (Use of fixed learning codes, one code to lock the car and the other co ...)
@@ -65846,7 +65845,6 @@ CVE-2025-2761 (GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution V
 CVE-2025-2760 (GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
 	{DLA-4342-1}
 	- gimp 3.0.4-3 (bug #1107758)
-	[bookworm] - gimp <no-dsa> (Minor issue)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
 	NOTE: Original fix incomplete (for 32bit systems):


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Oct 2025] DSA-6043-1 gimp - security update
+	{CVE-2025-2760 CVE-2025-6035 CVE-2025-10922}
+	[bookworm] - gimp 2.10.34-1+deb12u4
 [28 Oct 2025] DSA-6042-1 webkit2gtk - security update
 	{CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356 CVE-2025-43368}
 	[bookworm] - webkit2gtk 2.50.1-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -24,8 +24,6 @@ frr/oldstable
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-gimp/oldstable (jmm)
---
 jackson-core
 --
 libreswan/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34c30e3bed3e65be94d5a6d496e6b2e8b472d6c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34c30e3bed3e65be94d5a6d496e6b2e8b472d6c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251028/4d06d930/attachment-0001.htm>
