[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0797/gimp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 21 19:36:30 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55d99909 by Salvatore Bonaccorso at 2026-02-21T20:35:57+01:00
Update status for CVE-2026-0797/gimp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -216,9 +216,14 @@ CVE-2026-25896 (fast-xml-parser allows users to validate XML, parse XML to JS ob
CVE-2026-24892 (openITCOCKPIT is an open source monitoring tool built for different mo ...)
NOT-FOR-US: openITCOCKPIT
CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
- - gimp <undetermined>
+ - gimp <unfixed>
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-050/
- TODO: check, unclear fix, reference to gimp commit seems incorrect
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2583
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/c54bf22acb04b83ae38ed50add58f300e898dd81
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/gimp/-/commit/905ce4b48782c5e71c79714b7ba7f6ebe4d0329d
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ca449c745d58daa3f4b1ed4c2030d35d401a009d (GIMP_3_0_8)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/gimp/-/commit/13849c5a9a65c2366c47f703d9d075e4bfb83525 (GIMP_3_0_8)
CVE-2026-0777 (Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnera ...)
NOT-FOR-US: Xmind
CVE-2025-62326 (HCL Digital Experience is susceptible to stored cross-site scripting ( ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55d99909b48f9798aa043abf055760c4f0448c83
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55d99909b48f9798aa043abf055760c4f0448c83
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260221/1f1d33d8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list