-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:20:06 +0100 Source: gimp Binary: gimp gimp-dbgsym libgimp2.0 libgimp2.0-dbgsym libgimp2.0-dev libgimp2.0-dev-dbgsym Architecture: armel Version: 2.10.34-1+deb12u8 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 6db6f4c50ad78ccbbd92703be38385ccb3385a29 16255772 gimp-dbgsym_2.10.34-1+deb12u8_armel.deb 3663b8f26e0612b03019c4e787cb6ea0e2c57342 21023 gimp_2.10.34-1+deb12u8_armel-buildd.buildinfo ca07b3994d9a2c6fdcc006e521c3669dc3900572 3962580 gimp_2.10.34-1+deb12u8_armel.deb 534fbb9161c8149ebc28315a240bdc7a206352ac 1331640 libgimp2.0-dbgsym_2.10.34-1+deb12u8_armel.deb 0ff401736ee1e839b536360cd04d5524f1e66823 16896 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armel.deb 3735562a96b7ff24e096d65eed6ad044904b0887 120532 libgimp2.0-dev_2.10.34-1+deb12u8_armel.deb 26313aad6e57da8954cdea9d64d1798119f5f9f7 743380 libgimp2.0_2.10.34-1+deb12u8_armel.deb Checksums-Sha256: 91a760deb78e35fc91800bec2f3e8fa371f6fe569902ab9124bc86a65f63c178 16255772 gimp-dbgsym_2.10.34-1+deb12u8_armel.deb f26b1dd8689e7a0ce378d37b4a7ae98c0e4dddb829a148a5297f07177266f6ad 21023 gimp_2.10.34-1+deb12u8_armel-buildd.buildinfo 04adc6599b513a32b2555694937fc257d899970fa0c53b436a94740afc8f1c8c 3962580 gimp_2.10.34-1+deb12u8_armel.deb f3b93791fe56b0d8e6f3ca7c52e980d4f460b8b0d3b768e2417b174dc9508112 1331640 libgimp2.0-dbgsym_2.10.34-1+deb12u8_armel.deb 11dfe9dfb432ba16355ee6b0ebc8037aad9c64b42d2cf1aa17d66d4797549cde 16896 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armel.deb eb539514217493ac09808046257d3acbedbd46a3a9d8722792cbfeee0d7f3294 120532 libgimp2.0-dev_2.10.34-1+deb12u8_armel.deb f68c597e7af7cc997f1a61ccda0c5875b45ec4840579292441cd0e355be5b263 743380 libgimp2.0_2.10.34-1+deb12u8_armel.deb Files: 00cc1da9e9a188623892cf0a3a49b95b 16255772 debug optional gimp-dbgsym_2.10.34-1+deb12u8_armel.deb f16de4a21da5f68421396eac1930c4a4 21023 graphics optional gimp_2.10.34-1+deb12u8_armel-buildd.buildinfo fbc06c3fc6aeee2ece6e334566ff2de5 3962580 graphics optional gimp_2.10.34-1+deb12u8_armel.deb f2320fbcb72b5343b11ba21ac28fb8c1 1331640 debug optional libgimp2.0-dbgsym_2.10.34-1+deb12u8_armel.deb d601e8ad15e266be3ec5f8004cf4850f 16896 debug optional libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armel.deb 55f111940578a02945edde075373bd96 120532 libdevel optional libgimp2.0-dev_2.10.34-1+deb12u8_armel.deb 776b36aa89d74bc7e7448e45d743c257 743380 libs optional libgimp2.0_2.10.34-1+deb12u8_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmmTeRgACgkQOQKMdMnE H5P0hw//be6vKjwn2SunB+QtzvVSWHsqcWR2KjcLDLQsoSlUqkNYp7vZwcVXfFiK IyyzuYdfVS10Gky5Ky/L0CMGiJpoWLi20SD2cWAkc9aJ+eoLZ0+beMz7fyj/RrBF 6gGVOCmTBDNMV5SLWd+8ZCfQ9v85JvnKKutgC/i0XIZa+btwEfYCOMaE59xu7r+t 1XvtYwejG2IetoVYjhflryT1ZRPo18X1nPAPlmdwy+n4Rty7z3s3hr+t36nvuR9x OYKvBL37514HruuXkLHZAjZiQNXRNc8U+RWF6lGtNuzJWp7gREOoEomUjQwbQAfa N9EFKbpEVjfo5NwPD6AmcDweq9YsvvpuzFH4GCQjCemqKyg+OpvpfZCVGyqoc8Hr LITx5k50lnFzOqLIfuUgh3vFz+iH/f9Hl5hmxRtdbWQ8bAAZsk/oDotXweSyudNO rw1nIbBfliQIhaCBHe7rn4zt8aVHUrsTaiYa+QXapFk3bhFle++WmSUFBK435Per HTv5n6c464aGf7WGgHIRh4ZAZGlqQTS+SUU86+kSjG+jpGPEpZ4g9v9+hnLtkF66 MTd9e77SXRupchCEodPCGbm+iUkVCvwD5H3w/PsUsT38LIfzE2qC8a0KoMS/sBTK AwvJtqmbZ+MsUBKaEXV6jiK0YoOpaZ+ATEYJYngPavXVDS7quus= =Vstq -----END PGP SIGNATURE-----