-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:20:06 +0100 Source: gimp Binary: gimp gimp-dbgsym libgimp2.0 libgimp2.0-dbgsym libgimp2.0-dev libgimp2.0-dev-dbgsym Architecture: i386 Version: 2.10.34-1+deb12u8 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: ac730967a7eb4a49ef26de56d595ea56605ee5e9 13976764 gimp-dbgsym_2.10.34-1+deb12u8_i386.deb c9716f1a93b40f39e3d9819273bc3c928209cd7e 21134 gimp_2.10.34-1+deb12u8_i386-buildd.buildinfo 14c4a7749caa7e050a7e992ec0cc48da2d6d4761 5084892 gimp_2.10.34-1+deb12u8_i386.deb c8af2f0cb5640c3893bde6f5a18ddd20dafbcba1 1100416 libgimp2.0-dbgsym_2.10.34-1+deb12u8_i386.deb d0125b0bc534fff9edf0726dfe4c345922a83107 15556 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_i386.deb 93742d9e5403df98416b0aeef0129d165a2f43a4 121264 libgimp2.0-dev_2.10.34-1+deb12u8_i386.deb b1988ae5cc6a054e139daf9527e63825066ee106 837460 libgimp2.0_2.10.34-1+deb12u8_i386.deb Checksums-Sha256: 0fc328a1e82fc813ce8a8e31e0f244918b5abb4ff5467d6e1422021b34cd1ad9 13976764 gimp-dbgsym_2.10.34-1+deb12u8_i386.deb 68fc5c0105122f1fa28bc09379c1bce966f3234abb626b54d8e6986d29719625 21134 gimp_2.10.34-1+deb12u8_i386-buildd.buildinfo 1059ca83fb3523ba7e60eb33bcd2feaf3d517ff153bf526da3e62adb2104f43f 5084892 gimp_2.10.34-1+deb12u8_i386.deb 022be27af0fab2b7c8f2452626e084c4b81ad107fca7219d583ccea5a45d6722 1100416 libgimp2.0-dbgsym_2.10.34-1+deb12u8_i386.deb a25427a774df4e2317c820076a62abf5185a91f1f4cdbd5ba087db2d7db15fb2 15556 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_i386.deb bd24220e08a291f91be01d1cedbd470598474624343b87e3676e209e2e0b013f 121264 libgimp2.0-dev_2.10.34-1+deb12u8_i386.deb 761136d45780861609cf2d54762590e3a637a481ba59403dac64b5cb6142b873 837460 libgimp2.0_2.10.34-1+deb12u8_i386.deb Files: aa5688c63d1b89afefb8edd5fe0eaf33 13976764 debug optional gimp-dbgsym_2.10.34-1+deb12u8_i386.deb a39a2581e4de0a354ebad8f7aa91e249 21134 graphics optional gimp_2.10.34-1+deb12u8_i386-buildd.buildinfo 0d36acedabeac95139296211ebcaf339 5084892 graphics optional gimp_2.10.34-1+deb12u8_i386.deb c1a5201f226dae383b42541eecfdede7 1100416 debug optional libgimp2.0-dbgsym_2.10.34-1+deb12u8_i386.deb 6086cc2823f52d22d295375dd93df4f2 15556 debug optional libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_i386.deb d07487e50fb9f7a7ddc48910822af890 121264 libdevel optional libgimp2.0-dev_2.10.34-1+deb12u8_i386.deb 29b5e89be437fcf4a30ec450e8a7f472 837460 libs optional libgimp2.0_2.10.34-1+deb12u8_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmmTePQACgkQvGw9w6Vr LCe4ng/8Dosrb2FGkDs3ZpHkG6pETS0ATFXXkf24WGK8vf5A+wluQf1IV/Mdp6SM CjQgz9e+Vv6fqSZ2CmUhT2FralDhEeeiXq/Vzw5TgLRtTkivpTTw1JJCXUbzhxR4 o6rOxLzENpfPGsrvjxt5+SpNgdydcn6EVE3P/D0v35XhcY561SNY/WyG2yqefifF d1+ooxS7D868ShulsCpDrzoM4DAf+08JWniDxi57MBX/Jrf2Hji2/FpMwH7s4SrH FDnWwivZd1oGs0L+QCq3GAgq07ur8gp2Gly9z9aBegTGinmhLJN9DwVmq4Xfi4Tk LUwGCt9meGs6a9xDwgdqqaI3yWfGN0qvDSLnZ59bZhNK6gW+q/djF7vzs+iEdKiZ T/gxavjZnApnwXTfYq6IX722a2zox7neaAImoGA5aE52HktwinJd9YG3UA1BZNPu UAvy6gk10gh/Wra06TSE5GsXbzOxzpfjSZEL5CcRikdD3+qWF1NXhHnHOSnIExNx +G6KJZpwwxi18HsSPzJlAMrv/pjV7Bf8o1OE1oR/Ojfdx2Y/Docjh753l2vtjUC+ tOfusXj8+l0jt/m90eCZDdxJSpoNaOrgYS72VOivoifCLEQblfY2MSd5Z0BVVCOY hWZ0mxAY7+Nwi+cm1NpDlQTJWNxUCFaad1TpY5EDxJ6aqRAJZj0= =1q/j -----END PGP SIGNATURE-----