import OL gimp-3.0.4-1.el9_7.3

2026-02-17 06:45:50 +00:00 · 2026-02-17 06:45:50 +00:00 · f04b88bc85
commit f04b88bc85
parent 63d6c118dd
2 changed files with 45 additions and 1 deletions
--- a/SOURCES/gimp-3.0.4-CVE-2025-15059.patch
+++ b/SOURCES/gimp-3.0.4-CVE-2025-15059.patch
@ -0,0 +1,39 @@
+From 03575ac8cbb0ef3103b0a15d6598475088dcc15e Mon Sep 17 00:00:00 2001
+From: Jacob Boerema <jgboerema@gmail.com>
+Date: Sat, 20 Dec 2025 10:10:48 -0500
+Subject: [PATCH] plug-ins: fix #15284 ZDI-CAN-28232 vulnerability in file-psp
+
+We were not checking whether channel types were valid for grayscale
+images. Using a blue color channel caused an invalid computation of
+the offset which could cause us to access an invalid memory location.
+
+Now we separate RGB from non-RGB images when checking which channels
+are valid, and if not return with an error.
+---
+ plug-ins/common/file-psp.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index f00251c573..3f6970561f 100644
+--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
+@@ -2171,11 +2171,12 @@ read_layer_block (FILE      *f,
+                 }
+               else
+                 {
+-                  if (channel_type > PSP_CHANNEL_BLUE)
+                  if ((ia->base_type == GIMP_RGB && channel_type > PSP_CHANNEL_BLUE) ||
+                      (ia->base_type != GIMP_RGB && channel_type >= PSP_CHANNEL_RED))
+                     {
+                       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+-                                  _("Invalid channel type %d in channel information chunk"),
+-                                  channel_type);
+                                   _("Invalid channel type %d in channel information chunk"),
+                                   channel_type);
+                       return NULL;
+                     }
+ 
+-- 
+GitLab
+
+
--- a/SPECS/gimp.spec
+++ b/SPECS/gimp.spec
@ -67,7 +67,7 @@ Name:           gimp
 Epoch:          2
 Version:        3.0.4
 %global rel     1 
-Release:        %{rel}%{?dist}.2
+Release:        %{rel}%{?dist}.3
 # https://bugzilla.redhat.com/show_bug.cgi?id=2318369
 ExcludeArch:    s390x

@ -259,6 +259,7 @@ Patch5:         gimp-3.0.4-CVE-2025-14422.patch
 Patch6:         gimp-3.0.4-CVE-2025-14423.patch
 Patch7:         gimp-3.0.4-CVE-2025-14424.patch
 Patch8:         gimp-3.0.4-CVE-2025-14425.patch
+Patch9:         gimp-3.0.4-CVE-2025-15059.patch

 # use external help browser directly if help browser plug-in is not built
 Patch100:       gimp-3.0.2-external-help-browser.patch
@ -339,6 +340,7 @@ EOF
 %patch6 -p1 -b .CVE-2025-14423
 %patch7 -p1 -b .CVE-2025-14424
 %patch8 -p1 -b .CVE-2025-14425
+%patch9 -p1 -b .CVE-2025-15059

 %patch100 -p1 -b .external-help-browser

@ -654,6 +656,9 @@ done
 %endif

 %changelog
+* Thu Feb 12 2026 Josef Ridky <jridky@redhat.com> - 2:3.0.4-1.3
+- fix CVE-2025-15059
+
 * Tue Jan 20 2026 Josef Ridky <jridky@redhat.com> - 2:3.0.4-1.2
 - fix CVE-2025-14422
 - fix CVE-2025-14423