mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

gimp: ignore CVE-2025-48796

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48796

The vulnerable function ani_load_image() was added[1] after the current
version of GIMP[2], we can ignore the CVE.

[1] https://gitlab.gnome.org/GNOME/gimp/-/commit/aa51b9e19ece8a8c54a513fe33b6d65abcb0fbfb
[2] https://gitlab.gnome.org/GNOME/gimp/-/commits/GIMP_2_10_38/plug-ins/file-ico/ico-load.c?ref_type=tags

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2026-01-12 18:34:39 +13:00
committed by Anuj Mittal
parent 69cb161b5d
commit f11e20ad6e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+1
View File
@@ -75,3 +75,4 @@ FILES:${PN} += "${datadir}/metainfo"
RDEPENDS:${PN} += "mypaint-brushes-1.0" RDEPENDS:${PN} += "mypaint-brushes-1.0"
CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux"
CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."