diff mbox series

[meta-oe,scarthgap,7/8] gimp: ignore CVE-2025-14423

Message ID 20260206082048.1442403-7-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,1/8] fontforge: patch CVE-2025-15279 | expand

Commit Message

Gyorgy Sarvari Feb. 6, 2026, 8:20 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423

The vulnerability is about parsing LBM files, however this feature
was introduced in verison 3.0[1], and the current recipe version
is not vulnerable.

[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index 36b0712976..8aa5ee09cb 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -76,4 +76,5 @@  FILES:${PN}  += "${datadir}/metainfo"
 RDEPENDS:${PN} += "mypaint-brushes-1.0"
 
 CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux"
-CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
\ No newline at end of file
+CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
+CVE_STATUS[CVE-2025-14423] = "cpe-incorrect: The vulnerability was introduced in v3.0"