-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:20:06 +0100 Source: gimp Binary: gimp gimp-dbgsym libgimp2.0 libgimp2.0-dbgsym libgimp2.0-dev libgimp2.0-dev-dbgsym Architecture: amd64 Version: 2.10.34-1+deb12u8 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 169e97eeddf9c17dee9414b84a44fab0d8fee7f0 17139376 gimp-dbgsym_2.10.34-1+deb12u8_amd64.deb 045831303c15b6f9a8fd56c750b459e0f6ee6875 21229 gimp_2.10.34-1+deb12u8_amd64-buildd.buildinfo e80f80358a2ad18397543f95d10c149be393105b 4473108 gimp_2.10.34-1+deb12u8_amd64.deb 6c5592052e200be1295a45cafee095d47617c835 1374340 libgimp2.0-dbgsym_2.10.34-1+deb12u8_amd64.deb e6a7c14c6c41ead54a2f29821cbd126e26aef1e2 16516 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_amd64.deb 0f9c6eb376aa4d29479c2c297e8a292b457f0049 120916 libgimp2.0-dev_2.10.34-1+deb12u8_amd64.deb f19cc1d2d73300649673fdf2ee2ced9711b7df8d 818276 libgimp2.0_2.10.34-1+deb12u8_amd64.deb Checksums-Sha256: 186a3affd3b48d6f20389169e5d01c0c7e03ae2ad7983937c76d5e0514190e34 17139376 gimp-dbgsym_2.10.34-1+deb12u8_amd64.deb eeaa40de63a900694e3c557d4f323060ec5f9200aeb525d7f8612209348d2e53 21229 gimp_2.10.34-1+deb12u8_amd64-buildd.buildinfo a4745dec0306df03f1f465a4a976de9559221ebde5a1a979105c8502c0947f1b 4473108 gimp_2.10.34-1+deb12u8_amd64.deb e4bfd0e1003e026339455779218a10aab194ddb63d1907061c4aee8e7ce9ea41 1374340 libgimp2.0-dbgsym_2.10.34-1+deb12u8_amd64.deb e36e442749eb04f44bb83d0a3c88c01bb45d32da1760cb5b727d44a6f393ab88 16516 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_amd64.deb 29fff55d71fc12cfd2202141e5327bd174d518e0f055a68056135526962f5399 120916 libgimp2.0-dev_2.10.34-1+deb12u8_amd64.deb 206aafc356cc6023bf9384037956b0d88bf87929bb129e0eb072c0b63582b928 818276 libgimp2.0_2.10.34-1+deb12u8_amd64.deb Files: 2b5823b8da25b27242954b58b5b1424a 17139376 debug optional gimp-dbgsym_2.10.34-1+deb12u8_amd64.deb c1ea839c7ddd39774cbecebc6c528ec9 21229 graphics optional gimp_2.10.34-1+deb12u8_amd64-buildd.buildinfo c4f87fda2864c8cae297a805c4256e2f 4473108 graphics optional gimp_2.10.34-1+deb12u8_amd64.deb 308d147a9799c8b85eff58f977866f68 1374340 debug optional libgimp2.0-dbgsym_2.10.34-1+deb12u8_amd64.deb a27b0ede050ce844eb17f67915714a66 16516 debug optional libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_amd64.deb 592bca8dafb5844f57f206583c732573 120916 libdevel optional libgimp2.0-dev_2.10.34-1+deb12u8_amd64.deb 3e308985d88f7fdf6655814a81be17d8 818276 libs optional libgimp2.0_2.10.34-1+deb12u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmmTeOYACgkQiZlfn74W V6mT1Q/+IjV/7FF+J3CSkweE6sQggOkixbvvjSp08d4EtbnNS1wnr2qhxH1b19tv R7e0316S6VqXa+RyXZT6xvRbYZibVS0r3MYLodim6AmryWT4z3BT0m1ndI605ryG cQYrM/B3SHq3slnH4FEWYwjANQpOYUws4YBsf77YYlzYiPTplAHJ8R9TT6fddg/5 w82wl89tsQJCCL7HnwjwM4+fOBHF0OG5C3E8LSIf4EwuTGeOIpgjs4Q/Uq3LtFCB fiofaIf4ZYtGkAskXcjj4hzs5NP7N0XyBdB+slOZiHmvkDKL2B/By98bRvgKFIUM LZPPHm6zsEP/tBX2pmjqJw/yca2U1F871lXHy5OaVLAmEAGmYpaYD+w7ZIEPYFNP 9haKIiSqZhFG8AFOOaGMprzU5ba8qYGeb2JW/GANh9qNol1dKFIMMj/yxjhH9Czh 0EXacffmZZdv74A/fVpIWzkOGKrdhJan+XQld3TDEbKQkYXGPSvY9rpeEHWqy41r FIcy705M8DytIZoD3xEtHMI8l0GQIoGXECRLggFAZBh0Dkg3BcAk4oJeJfGU/cx4 XioFMLF1pvIHQm69LcOjZQ7glu0mLqeIvAAGKgXtW2N8WDgZky7ZZPMCoD2seN9o 86cq7m446v+caFpSIxF8E9Gcv/+BK1UzS0cc562aCJeP0WBAcks= =2gZf -----END PGP SIGNATURE-----