diff mbox series

[meta-gnome,scarthgap,5/6] gimp: ignore CVE-2025-48796

Message ID 20260112053440.3694238-5-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-gnome,scarthgap,1/6] gimp: upgrade 2.10.36 -> 2.10.38 | expand

Commit Message

Ankur Tyagi Jan. 12, 2026, 5:34 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48796

The vulnerable function ani_load_image() was added[1] after the current
version of GIMP[2], we can ignore the CVE.

[1] https://gitlab.gnome.org/GNOME/gimp/-/commit/aa51b9e19ece8a8c54a513fe33b6d65abcb0fbfb
[2] https://gitlab.gnome.org/GNOME/gimp/-/commits/GIMP_2_10_38/plug-ins/file-ico/ico-load.c?ref_type=tags

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index 68daac776d..064a797986 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -75,3 +75,4 @@  FILES:${PN}  += "${datadir}/metainfo"
 RDEPENDS:${PN} += "mypaint-brushes-1.0"
 
 CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux"
+CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
\ No newline at end of file