-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:16:47 +0100 Source: gimp Binary: gimp gimp-dbgsym gir1.2-gimp-3.0 libgimp-3.0-0 libgimp-3.0-0-dbgsym libgimp-3.0-bin libgimp-3.0-bin-dbgsym libgimp-3.0-dev Architecture: amd64 Version: 3.0.4-3+deb13u6 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program gir1.2-gimp-3.0 - Introspection data for the GIMP library libgimp-3.0-0 - Libraries for the GNU Image Manipulation Program libgimp-3.0-bin - Development binaries for the GIMP library libgimp-3.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (3.0.4-3+deb13u6) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 374f7bcf4308a273733c86119764d9ea2a47360d 17834688 gimp-dbgsym_3.0.4-3+deb13u6_amd64.deb 87bab9826619ff5f43f228a0f573917dfe73a75d 23330 gimp_3.0.4-3+deb13u6_amd64-buildd.buildinfo 7b2b27cd90d0fff9ddafbd3219f34d44b909134e 6550324 gimp_3.0.4-3+deb13u6_amd64.deb 1b1d94ec6c51e08ba9f6a7d24c6c4ae4a7aea851 93384 gir1.2-gimp-3.0_3.0.4-3+deb13u6_amd64.deb bf2ab1083cb1d2ea87635a34c735d26a3c7bb3cc 2055052 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_amd64.deb 75b4704dfeafa9dcf3828e8b8ef3fd8b4f5b7317 1042992 libgimp-3.0-0_3.0.4-3+deb13u6_amd64.deb b92af86a49d06fdaeb51e4ccdc601220f7390f50 18208 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_amd64.deb 8cc97a3af3253a273f989c54f29a657984742975 31708 libgimp-3.0-bin_3.0.4-3+deb13u6_amd64.deb 6047e1db89f8467bd3a5728879f96db036113d56 360140 libgimp-3.0-dev_3.0.4-3+deb13u6_amd64.deb Checksums-Sha256: f0e4e74ea89bc0e7f1d95e34af2bd5aacec7136fdb185b2c06c67bcfb9fdf667 17834688 gimp-dbgsym_3.0.4-3+deb13u6_amd64.deb bd7ed6e8990475ecd0222bbb48e862794d8400fe99c61766767d5ae28ddc1712 23330 gimp_3.0.4-3+deb13u6_amd64-buildd.buildinfo d6ed3aa30bd57dbfd071ded580584c2982371afe7bda81a88047dc792974b793 6550324 gimp_3.0.4-3+deb13u6_amd64.deb 85ecc906b891a336d782eecd6e89deec8df29eddd753cb6a8c6bb6ca37837e27 93384 gir1.2-gimp-3.0_3.0.4-3+deb13u6_amd64.deb eadeffe682394f268d18568b2581b78228cbdbec81899a9ea5d6524524245868 2055052 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_amd64.deb 478c9f4f8ad39045d99e8ac3245e99cf7f7a122b6b154a9ae64a0719b53edb64 1042992 libgimp-3.0-0_3.0.4-3+deb13u6_amd64.deb d445057fb2e68c2f983c4e59cc33d20564eca7156588f82075ab0b5b63c2b4f8 18208 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_amd64.deb fc20cec21dec97403c6492f16d5ea8990d533d33da7ec9acc6ad64eefd8febfb 31708 libgimp-3.0-bin_3.0.4-3+deb13u6_amd64.deb 5a8c7cc2b06f7f6bc172d266d5a89c6b40cca0a0d3f5725cc24dc736b2f35d6d 360140 libgimp-3.0-dev_3.0.4-3+deb13u6_amd64.deb Files: d0757e1221f8948011d4e3e0e0f5ba9c 17834688 debug optional gimp-dbgsym_3.0.4-3+deb13u6_amd64.deb 52ef3d8769e7793e91f1cdb4cc4a5fbd 23330 graphics optional gimp_3.0.4-3+deb13u6_amd64-buildd.buildinfo 457b86083b5235ee3e4ebcf5c7b5c28c 6550324 graphics optional gimp_3.0.4-3+deb13u6_amd64.deb ef33bf5b548fd977db58ba0bfd13a1d6 93384 introspection optional gir1.2-gimp-3.0_3.0.4-3+deb13u6_amd64.deb 86856f5d7fa6235f18a42af72cb66b30 2055052 debug optional libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_amd64.deb 1c84a93303a641ceb6e67cf94bc942be 1042992 libs optional libgimp-3.0-0_3.0.4-3+deb13u6_amd64.deb 8872de922a05da6e1e281df8a538d872 18208 debug optional libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_amd64.deb 712f7ccde288dc17c5c524fbed4fd9d4 31708 libdevel optional libgimp-3.0-bin_3.0.4-3+deb13u6_amd64.deb 65d20475e649d8022e3500d9c9a83955 360140 libdevel optional libgimp-3.0-dev_3.0.4-3+deb13u6_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmmTah0ACgkQiZlfn74W V6lFkw//aXxwNv7CN7+jEgNfz6tXyvyuVsEHnRkuspSYeB5M2MdSNQRGhoxLD2rR J533m6ZwST1qFTSuw5PMSOc6z4bH2a6L47GXj6pSp4wMByrq2yb5+n4pD7TeRym5 1oLdAgM8ifHBQtalBLrBOmGlnu4UJlhdS7ATcEtCb+yznhlfYmht5P4+wVIzrMnr 5XPYVYicoAFbF2j+ORys8wPQi2GlCxQ1VqacxGzXhkzPE4LURZKjMW7Td7xlPZHT iYucID0UaBDrRHdY1GMg2oqJgTX/TDZJJaHYzlsVZPq0ZqhuSVLDROxy4FBFUnf6 Eyfo6E1HgZKdfIsZ5CDgpqECShmVLxlwJsHRWVSj5V1OTsd/sjAEKFR3Lm5DfOpC gVcORC0TwE5DOTugK6NGcoyy2dM47tvxzjlpntWnEmC+PK3Y9nV8dMxZrl6ivLMV CqVVd6O8EoO57+4RgFAav+4U04y44Y44/59/sMgsTCfMHrf2xsHjMaJqe7t/UPwW yvyupPwszD+QkZ4StUnbBvaWLJA/HME6NNPgvCvD9sQfvnBD+eyPT1UqUj7BEzbM QdDrXqF8L0UTn5yzcLxuW1pbwS/2f5NK9BROhJlFadWdNNbaVM1ss0AEqR2x6qTz ONhcxNH5puQWLIT766DJAc4ieS4AfuBhyJj0AHd0SjSUrNupgEE= =YRBO -----END PGP SIGNATURE-----