Your message dated Thu, 29 Jan 2026 18:47:17 +0000
with message-id <[email protected]>
and subject line Bug#1126267: fixed in gimp 3.0.4-3+deb13u5
has caused the Debian Bug report #1126267,
regarding gimp: CVE-2025-15059
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.2.0~RC2-3
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gimp.
CVE-2025-15059[0]:
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file. The
| specific flaw exists within the parsing of PSP files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-28232.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-15059
https://www.cve.org/CVERecord?id=CVE-2025-15059
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.0.4-3+deb13u5
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 24 Jan 2026 18:20:47 +0100
Source: gimp
Architecture: source
Version: 3.0.4-3+deb13u5
Distribution: trixie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1126267
Changes:
gimp (3.0.4-3+deb13u5) trixie-security; urgency=medium
.
* CVE-2025-15059 (Closes: #1126267)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---