Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28e51601 by Moritz Mühlenhoff at 2026-01-04T20:28:04+01:00
gimp DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6095,6 +6095,7 @@ CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer 
Overflow Remote Code Exe
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd
 (GIMP_3_2_0_RC1)
 CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution 
Vulnerabili ...)
        - gimp 3.2.0~RC2-1
+       [trixie] - gimp 3.0.4-3+deb13u4
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
        [bullseye] - gimp <not-affected> (Vulnerable code not present, poc 
handled correctly)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1138/
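
Review bot: the added `[trixie] - gimp 3.0.4-3+deb13u4` line under CVE-2025-14424 uses the same version as the trixie line of DSA-6093-1 in data/DSA/list, but that DSA's CVE set is `{CVE-2025-14422 CVE-2025-14425}` and does not name this CVE. If the fix shipped in that upload, consider adding CVE-2025-14424 to the DSA entry, or add a NOTE here saying it was fixed by the upload without being listed in the advisory, so the explicit per-release line is not mistaken for a stray manual edit.
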
@@ -6103,6 +6104,7 @@ CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free 
Remote Code Execution Vulne
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd
 (GIMP_3_2_0_RC1)
 CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code 
Executio ...)
        - gimp 3.2.0~RC2-1 (unimportant)
+       [trixie] - gimp 3.0.4-3+deb13u4
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
        [bullseye] - gimp <not-affected> (Vulnerable code not present)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1137/
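
Review bot: the unstable line for CVE-2025-14423 is tagged `(unimportant)`, while the added `[trixie] - gimp 3.0.4-3+deb13u4` line carries no tag, so the entry now treats the same issue differently per suite. Either repeat the tag on the trixie line or add a short NOTE explaining why the stable fix is tracked with a plain fixed version.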


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[04 Jan 2026] DSA-6093-1 gimp - security update
+       {CVE-2025-14422 CVE-2025-14425}
+       [bookworm] - gimp 2.10.34-1+deb12u6
+       [trixie] - gimp 3.0.4-3+deb13u4
 [01 Jan 2026] DSA-6092-1 smb4k - security update
        {CVE-2025-66002 CVE-2025-66003}
        [trixie] - smb4k 4.0.0-1+deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -24,8 +24,6 @@ frr/oldstable
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-gimp (jmm)
---
 git-lfs
 --
 jackson-core



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e51601a63cb7e34e39fdea52915ec4e89a842a
