-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:20:06 +0100 Source: gimp Binary: gimp gimp-dbgsym libgimp2.0 libgimp2.0-dbgsym libgimp2.0-dev libgimp2.0-dev-dbgsym Architecture: arm64 Version: 2.10.34-1+deb12u8 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: a4b103029d20d61cdaacbb82daf09ce7d3394b14 17052112 gimp-dbgsym_2.10.34-1+deb12u8_arm64.deb 3a120c9f21e686027cfd18913b3fda3c79e57ea5 21205 gimp_2.10.34-1+deb12u8_arm64-buildd.buildinfo f4488d12eaab8cbb448c84f7a4eddf6706200276 4061456 gimp_2.10.34-1+deb12u8_arm64.deb 93a231b66ff9c0e62a1ecaadc9a1bf715f5557a6 1363484 libgimp2.0-dbgsym_2.10.34-1+deb12u8_arm64.deb 00232fec3edec7771cea8e517625a71041ca504e 16708 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_arm64.deb b7b3870685a8d5e4f9de57fc0c7c73dedb65adc6 120712 libgimp2.0-dev_2.10.34-1+deb12u8_arm64.deb d162d8198f31894c9bd26ffb8c7cfb778324c2ef 781120 libgimp2.0_2.10.34-1+deb12u8_arm64.deb Checksums-Sha256: 34e5dc863d5d4622b6742898620dd5d543c1fbcee2269f1f48fc196698e5b3f8 17052112 gimp-dbgsym_2.10.34-1+deb12u8_arm64.deb 6c801088963883e124ee46cd18d90bc4deca591cfbb755d9887ab06706dbd5ac 21205 gimp_2.10.34-1+deb12u8_arm64-buildd.buildinfo e38a57b83137f2210cb9724a5943e0ab3b44e6b4877914682594c5ae2dc93e78 4061456 gimp_2.10.34-1+deb12u8_arm64.deb 226a85cf551cdd5035867d77dfdbe6b67258644188ed43fac3528ded4f97c81f 1363484 libgimp2.0-dbgsym_2.10.34-1+deb12u8_arm64.deb 2686f29b3222e6dc78e9a13bd65a76c4cb7255ee0354ffd0e76e9e1d4064b4e9 16708 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_arm64.deb 31e915a77eaa6ea823522cf6ffc3d55536c43c48a5138fd37be703de14ca16a4 120712 libgimp2.0-dev_2.10.34-1+deb12u8_arm64.deb 67082045a0eeaeed2f80481f6fd0c844cc6a1685b54972cb17b92c35cfca0f0b 781120 libgimp2.0_2.10.34-1+deb12u8_arm64.deb Files: caced57a6b4630be7f6b273b52b26e19 17052112 debug optional gimp-dbgsym_2.10.34-1+deb12u8_arm64.deb 0f1c45387b243c035b3ed20a1f570d2b 21205 graphics optional gimp_2.10.34-1+deb12u8_arm64-buildd.buildinfo 54d47e9dcf60ee131aa2839482d15fe8 4061456 graphics optional gimp_2.10.34-1+deb12u8_arm64.deb c3eed35d66992f30975b36a8e9983147 1363484 debug optional libgimp2.0-dbgsym_2.10.34-1+deb12u8_arm64.deb ab7af3be653444604fc34f6983bc971a 16708 debug optional libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_arm64.deb f525b33429165fdec5b2b7c1d4ff87d2 120712 libdevel optional libgimp2.0-dev_2.10.34-1+deb12u8_arm64.deb cdf1dc11261b93f267ecb46dfae9cb82 781120 libs optional libgimp2.0_2.10.34-1+deb12u8_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmmTeKAACgkQCr/D/stJ kDw6shAAqG9jDUPbNMA/sK8D9wIlEIfM/u8y2f9ODGghQ6LsOolf+5Vrnqf2CBAE SW30k2eFEo/9SoFDgwIlPLiKGdQqwre4O4oIXFsLA39A9j9hmr2jRZwoM4NqHw6x tP03F1Lhnedz0xnEjT04mj4pjdPI+Is9R5e/bCQ3MJ66UmkG0pUwixE2Zx93/+MN 2Hv0JBltBeBF6IZlZZNuY+6lCIzJ0pUoa8FxIw5osisoWk1Nal7GvfywIjP8X767 Qjw+OgcNwd7zXJdIQjJLE+96rDNCoPXaiz6pe3aYxaZ/bFbSnHJ9OOvMK1qERbWy mzLYYGH/ZZZgIoNxH2f75DkFM1MeZVLB1kCA9606MjDRnh2ECSNAHHHhYnwkYDBc p9L2Jp+kaPUkuRjKuky4uxlV9qwxnD8gIm/jw3CjvOJClzqTqaFdC7c+TGT7UMRz 9qMU5d4VNxkcRS+5lj7nFJgPop3IkGbWaL7kCclpUuqdT2LgDjsM9XuzbQy8GUEM PDlAyfiJQnv8K9sXGE/g4QmkFy2u/LElsDI2uewUxCrIqwtqQg5X7MxqCQ+1vnjl xTlkEoXCBn2DCUkA2VTGVVIdxjfxTINsLIQrt/k7vw3fiPcCGW9cy8BepB2aNEzV JkFLGnnAdTnfud4GXCZFCvNbaQstFLbcAjoRhTipUf8ShWMXp48= =Yljz -----END PGP SIGNATURE-----