
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 6018-1] gegl security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 6018-1] gegl security update
  • Date: Fri, 3 Oct 2025 13:22:38 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; dmarc=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/aN_OHpP_nFO96u8l AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 3 Oct 2025 13:23:00 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <QY4kefZuppM.A.gIv.0483oB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6018-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 03, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gegl
CVE ID : CVE-2025-10921

A buffer overflow was discovered in the RGBE/HDR parser of GEGL, a
graph-based image processing library, which could result in denial of
service or the execution of arbitrary code if malformed files are
processed.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1:0.4.42-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 1:0.4.62-2+deb13u1.

We recommend that you upgrade your gegl packages.

For the detailed security status of gegl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gegl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


