[Git][security-tracker-team/security-tracker][master] gimp DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jan 4 19:29:36 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28e51601 by Moritz Mühlenhoff at 2026-01-04T20:28:04+01:00
gimp DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6095,6 +6095,7 @@ CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Exe
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd (GIMP_3_2_0_RC1)
 CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerabili ...)
 	- gimp 3.2.0~RC2-1
+	[trixie] - gimp 3.0.4-3+deb13u4
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present, poc handled correctly)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1138/
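Review bot: the added `[trixie] - gimp 3.0.4-3+deb13u4` line under CVE-2025-14424 carries the same version as the trixie upload recorded for DSA-6093-1 in data/DSA/list, but that DSA's CVE set is `{CVE-2025-14422 CVE-2025-14425}` and does not include CVE-2025-14424. If the use-after-free fix shipped in that upload, consider adding the CVE to the DSA entry so the cross-reference is recorded; if leaving it out is deliberate, a NOTE line saying so would save the next reader from having to check.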
@@ -6103,6 +6104,7 @@ CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulne
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd (GIMP_3_2_0_RC1)
 CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Executio ...)
 	- gimp 3.2.0~RC2-1 (unimportant)
+	[trixie] - gimp 3.0.4-3+deb13u4
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1137/
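Review bot: under CVE-2025-14423 the unstable line is tagged `(unimportant)`, and the new `[trixie] - gimp 3.0.4-3+deb13u4` line is added directly below it, but the visible context contains no NOTE explaining why a stack-based buffer overflow in LBM parsing gets that rating. A short NOTE with the rationale would make the entry self-explanatory, and it would also make clear why this CVE is absent from the `{...}` list of DSA-6093-1 although trixie is fixed in the same version.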


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[04 Jan 2026] DSA-6093-1 gimp - security update
+	{CVE-2025-14422 CVE-2025-14425}
+	[bookworm] - gimp 2.10.34-1+deb12u6
+	[trixie] - gimp 3.0.4-3+deb13u4
 [01 Jan 2026] DSA-6092-1 smb4k - security update
 	{CVE-2025-66002 CVE-2025-66003}
 	[trixie] - smb4k 4.0.0-1+deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -24,8 +24,6 @@ frr/oldstable
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-gimp (jmm)
---
 git-lfs
 --
 jackson-core



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e51601a63cb7e34e39fdea52915ec4e89a842a
