summaryrefslogtreecommitdiffstats
path: root/meta-gnome
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-03-05 12:07:08 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-03-24 08:47:04 +0530
commit3dd2d0dc9876d62e5d6a785027675eb6620abac0 (patch)
tree2515f11e05c353f32bfdf375ec7f5b16bf8c04d9 /meta-gnome
parent50d7ec475b2f088baa568b88c0504048a0b557fd (diff)
downloadmeta-openembedded-3dd2d0dc9876d62e5d6a785027675eb6620abac0.tar.gz
gimp: patch CVE-2025-2761
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761 Pick the patch from the relevant upstream bug[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-gnome')
-rw-r--r--meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch34
-rw-r--r--meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb1
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch
new file mode 100644
index 0000000000..670f6d9269
--- /dev/null
+++ b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch
@@ -0,0 +1,34 @@
1From 658a8a07b831b82bd9e9592c18f21e4d4d7392af Mon Sep 17 00:00:00 2001
2From: Alx Sa <cmyk.student@gmail.com>
3Date: Mon, 10 Mar 2025 04:07:44 +0000
4Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
5
6Resolves #13073
7This patch adds a check to make sure we're not
8writing beyond the bounds of the "pos" array.
9This is the same check that we do earlier when
10writing pos[xc++], but it was left off of the last
11write command. Since "n" will be 0 if we get to the
12end of the array, it prevents us from writing beyond
13that.
14
15CVE: CVE-2025-2761
16Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c]
17Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
18---
19 plug-ins/file-fli/fli.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
23index c2e28e4..209b5ec 100644
24--- a/plug-ins/file-fli/fli.c
25+++ b/plug-ins/file-fli/fli.c
26@@ -1026,7 +1026,7 @@ fli_read_lc_2 (FILE *f,
27 xc += len << 1;
28 }
29 }
30- if (lpf)
31+ if (lpf && xc < n)
32 pos[xc] = lpn;
33 yc++;
34 }
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index afb1cd69e5..a04b3d0e4c 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -53,6 +53,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
53 file://CVE-2025-15059.patch \ 53 file://CVE-2025-15059.patch \
54 file://CVE-2025-2760-1.patch \ 54 file://CVE-2025-2760-1.patch \
55 file://CVE-2025-2760-2.patch \ 55 file://CVE-2025-2760-2.patch \
56 file://CVE-2025-2761.patch \
56 " 57 "
57SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e" 58SRC_URI[sha256sum] = "50a845eec11c8831fe8661707950f5b8446e35f30edfb9acf98f85c1133f856e"
58 59