Version in base suite: 3.0.4-3
Version in overlay suite: 3.0.4-3+deb13u1
Base version: gimp_3.0.4-3+deb13u1
Target version: gimp_3.0.4-3+deb13u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gimp/gimp_3.0.4-3+deb13u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gimp/gimp_3.0.4-3+deb13u2.dsc
 changelog | 6 ++++++
 patches/CVE-2025-10934.patch | 30 ++++++++++++++++++++++++++++++
 patches/series | 1 +
 3 files changed, 37 insertions(+)
gpgv: Signature made Sat Sep 27 17:17:39 2025 UTC
gpgv: using RSA key B6E62F3D12AC38495C0DA90510C293B6C37C4E36
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpx4p277h8/gimp_3.0.4-3+deb13u1.dsc: no acceptable signature found
gpgv: Signature made Fri Oct 31 11:41:12 2025 UTC
gpgv: using RSA key B6E62F3D12AC38495C0DA90510C293B6C37C4E36
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpx4p277h8/gimp_3.0.4-3+deb13u2.dsc: no acceptable signature found
diff -Nru gimp-3.0.4/debian/changelog gimp-3.0.4/debian/changelog
--- gimp-3.0.4/debian/changelog 2025-09-27 15:03:28.000000000 +0000
+++ gimp-3.0.4/debian/changelog 2025-10-30 23:02:54.000000000 +0000
@@ -1,3 +1,9 @@
+gimp (3.0.4-3+deb13u2) trixie-security; urgency=medium
+
+ * CVE-2025-10934 (Closes: #1119661)
+
+ -- Moritz Mühlenhoff Fri, 31 Oct 2025 00:02:54 +0100
+
 gimp (3.0.4-3+deb13u1) trixie-security; urgency=medium
 
 * CVE-2025-10924 (Closes: #1116461)
diff -Nru gimp-3.0.4/debian/patches/CVE-2025-10934.patch gimp-3.0.4/debian/patches/CVE-2025-10934.patch
--- gimp-3.0.4/debian/patches/CVE-2025-10934.patch 1970-01-01 00:00:00.000000000 +0000
+++ gimp-3.0.4/debian/patches/CVE-2025-10934.patch 2025-10-30 23:02:54.000000000 +0000
@@ -0,0 +1,30 @@
+From 5c3e2122d53869599d77ef0f1bdece117b24fd7c Mon Sep 17 00:00:00 2001
+From: Jacob Boerema
+Date: Wed, 3 Sep 2025 18:37:26 -0400
+Subject: [PATCH] plug-ins: fix ZDI-CAN-27823
+
+--- gimp-3.0.4.orig/plug-ins/common/file-xwd.c
++++ gimp-3.0.4/plug-ins/common/file-xwd.c
+@@ -1683,9 +1683,20 @@ load_xwd_f2_d16_b16 (GFile *fi
+ greenval = (green * 255) / maxgreen;
+ for (blue = 0; blue <= maxblue; blue++)
+ {
++ guint32 offset = ((red << redshift) + (green << greenshift) +
++ (blue << blueshift)) * 3;
++
++ if (offset+2 >= maxval)
++ {
++ g_set_error (error, GIMP_PLUG_IN_ERROR, 0,
++ _("Invalid colormap offset. Possibly corrupt image."));
++ g_free (data);
++ g_free (ColorMap);
++ g_object_unref (buffer);
++ return NULL;
++ }
+ blueval = (blue * 255) / maxblue;
+- cm = ColorMap + ((red << redshift) + (green << greenshift)
+- + (blue << blueshift)) * 3;
++ cm = ColorMap + offset;
+ *(cm++) = redval;
+ *(cm++) = greenval;
+ *cm = blueval;
diff -Nru gimp-3.0.4/debian/patches/series gimp-3.0.4/debian/patches/series
--- gimp-3.0.4/debian/patches/series 2025-09-27 15:03:28.000000000 +0000
+++ gimp-3.0.4/debian/patches/series 2025-10-30 23:02:54.000000000 +0000
@@ -3,3 +3,4 @@
 CVE-2025-10923.patch
 CVE-2025-10922.patch
 CVE-2025-10920.patch
+CVE-2025-10934.patch
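Review bot: The added bounds check `if (offset+2 >= maxval)` can be defeated by unsigned wrap-around: `offset` is a `guint32` computed as `((red << redshift) + (green << greenshift) + (blue << blueshift)) * 3`, and if that lands at `0xFFFFFFFE` or `0xFFFFFFFF` then `offset+2` wraps to 0 or 1, the check passes, and `cm = ColorMap + offset` on the new side still writes far past the allocation. Whether such values are reachable depends on how `redshift`/`greenshift`/`blueshift` and the `maxred`/`maxgreen`/`maxblue` loop bounds were validated earlier in `load_xwd_f2_d16_b16`, which starts and ends outside the hunk, but a wrap-free comparison costs nothing: `if (offset >= maxval || maxval - offset < 3)`. The guard also presumes `maxval` is the byte length of `ColorMap` rather than the largest colour index; the allocation is not visible here, so a one-line comment at the check stating that invariant (e.g. `/* ColorMap is maxval bytes; the 3-byte entry at offset must fit */`) would let the next reader confirm it. If `red`, `green` and `blue` are signed `int`, `red << redshift` with a large shift is also undefined behaviour before the check ever runs, so the shift operands may want casting to `guint32` as well.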