it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5939-1] gimp security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5939-1] gimp security update
Date: Fri, 6 Jun 2025 18:28:10 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/aEMzOjF/zRPwIQlp AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=zgu0dsToArKTrih8vKUz3p9yEGoX8t844B6ptC+HxH8=; b=Rf XWM7tMl9ksp/doF+0l2DwGPeN4U4u/RG96oc/OrZICHrsinT1+/njNcBDh3MrXbYNTEsin3s+Lz/l 1tfmY3mCjvAfjs9IF3vIIRQY8k54LXkcoHX5Ex4xrwuOqQDnzmxnBXqfFtdLLqYEGPb3wRw1r9Nkc 5V4nGZY9o8JS3gmRdleo1AoOBB3Ex0C3RTeE40wWPxuXipSjMSCdIrfbKB+O+3P5BY+W36AO7mSDq S83KaetcgvRDLZ8dwbMEvQ1pC5q4pREbPyMRZwkJCKexNmm2sqZWifMeXYw/wsNqcGiy6urqfkN9o iiki3YmT1wsgk5qg8zFQ1Nc2LYm/XzXQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 6 Jun 2025 18:28:37 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <cOoRl32MheO.A.cDUH.VNzQoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5939-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 06, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gimp
CVE ID : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XCF, TGA, DDS,
FLI or ICO files are opened.

For the stable distribution (bookworm), these problems have been fixed in
version 2.10.34-1+deb12u3.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhDMPAACgkQEMKTtsN8
TjYZog//Y+fBhDHTD+OKgHGvsDGMaXA5chzKvfBg+GPdn2/m3Yx7FBUWW7NS2MNF
HhR2pgK6ya/dxMTTpX5fZNdXlzukS8yWInW8wxSCzdxfaHiy/sR03OPu0xwrXUKa
7kGOkQ1bmeIoGwiGIbiTL0f+sn70bV0peul4uQl9pIcdYJUyoSD5JgcjqTKOMb0B
2J43B25K2WTFmnQJUSnMIfzRx2AvnUHjJ0L35z72FkPkV+gdCpzGjPn1mmmaEICP
EUEbtUlIQ9RRK+GSKZB9MHUKI3BB095b0XhIFKghz9cM4v18+8eXFzdWeMSOZz5+
50R7BuIl+hEwPvdLbdCJU6uJPmkbyfaKGyS9N69tk+tms9t4my7IJxmG+8H7aWDM
0S7F9LMlTtn88W9FCZD6YELwJ4g4YBIfJdLQpLix2u5DDupUha6AQSVTBcMDnI3a
4/hFecpwFN4FP1xLKmK19qC7BfwAFVytjYuPyEXD70hpEZXlqNR1sV6Ltq0Xv85o
VxusD0JtOxw1GwLaTKk77ToTEsL9zrqUHsuFii3RaF+22joInyo5UUZuf633px1x
KJAH8Skd+QgEbl/rOAIIHHvdqCvBKfMbX1TKhnFvNtgmnUiyRbU68AxrBV4M2opL
TC81lFn9mjMI7oK6Pql/Zy6iyS80ztmS+ufIxnH0OK4v2DC6rhA=
=buNF
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5939-1] gimp security update, Moritz Muehlenhoff, 06.06.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.