-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:16:47 +0100 Source: gimp Binary: gimp gimp-dbgsym gir1.2-gimp-3.0 libgimp-3.0-0 libgimp-3.0-0-dbgsym libgimp-3.0-bin libgimp-3.0-bin-dbgsym libgimp-3.0-dev Architecture: i386 Version: 3.0.4-3+deb13u6 Distribution: trixie-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program gir1.2-gimp-3.0 - Introspection data for the GIMP library libgimp-3.0-0 - Libraries for the GNU Image Manipulation Program libgimp-3.0-bin - Development binaries for the GIMP library libgimp-3.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (3.0.4-3+deb13u6) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 57e82cfd6f1a762da3fc13d41ca02c904900b5a5 14712044 gimp-dbgsym_3.0.4-3+deb13u6_i386.deb 8140c71e20be0b0a99ff0cc226b12fc8cc4f38f5 23213 gimp_3.0.4-3+deb13u6_i386-buildd.buildinfo 299db44dfd43733f4f30b50b8039839789aad6a7 7204640 gimp_3.0.4-3+deb13u6_i386.deb e6e2164783bd1eaf039cfa150f9c75f803495ec2 93332 gir1.2-gimp-3.0_3.0.4-3+deb13u6_i386.deb 7da44a725c0d13a1cc46db11a35fc582321e6a09 1675252 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_i386.deb 7134d3aeb82fa686d12455091b9f9e844caadf3f 1071916 libgimp-3.0-0_3.0.4-3+deb13u6_i386.deb 673bfd0bd90cf3f6164bebd3eec2e48151f011e7 17180 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_i386.deb 5c085adaf2d871e021dd04066bd875ddb9cd437b 32068 libgimp-3.0-bin_3.0.4-3+deb13u6_i386.deb 819f7804b662a7a2b99feb47194e06191857c441 360156 libgimp-3.0-dev_3.0.4-3+deb13u6_i386.deb Checksums-Sha256: 79f434d9f2b17848bb0ce81977bcd099cad347013a0a32cbb6af9b50d4520bad 14712044 gimp-dbgsym_3.0.4-3+deb13u6_i386.deb c94eebe30b86a98abf107dfe1442880f1d5bc8d8039a49a420d891b12735f7d0 23213 gimp_3.0.4-3+deb13u6_i386-buildd.buildinfo 4e5059c85c915559427d75b6fa0be743b6af1d5685326142df5ae4b5639d9b31 7204640 gimp_3.0.4-3+deb13u6_i386.deb b953ef331df3ce4a4d8333672d038100a1531d4e7c7aff68bea48b03153c8f17 93332 gir1.2-gimp-3.0_3.0.4-3+deb13u6_i386.deb 3d94555c0d5de0cc53325539c02fccf0815dd206a35f2bea89844b63f5c41999 1675252 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_i386.deb d5d497dc1ae7353962e9e9c82fb2f09a13af18cb6928b186db8912f91bb1cfb1 1071916 libgimp-3.0-0_3.0.4-3+deb13u6_i386.deb c374f87d5f9b7f7aaaa619c8fddae3579bb1336bc79b6b01d68fa7eabbba85a5 17180 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_i386.deb 5b3e284879a4c71b63f16bf91f316c8b7dc36ff5a560468ae634f1c76c3945e9 32068 libgimp-3.0-bin_3.0.4-3+deb13u6_i386.deb 5293e820468e0c9a83b1af7f4cc849cc1a0beaba16d34bc119ea0ae799fd74f1 360156 libgimp-3.0-dev_3.0.4-3+deb13u6_i386.deb Files: ea70378c123fb2c891c41768c0d439a2 14712044 debug optional gimp-dbgsym_3.0.4-3+deb13u6_i386.deb ab307f46eb8bfab683daba6295253a77 23213 graphics optional gimp_3.0.4-3+deb13u6_i386-buildd.buildinfo 4b52e708b4bf1956b1e6a48428971209 7204640 graphics optional gimp_3.0.4-3+deb13u6_i386.deb 3c04792b071986a847b4165bec9022cc 93332 introspection optional gir1.2-gimp-3.0_3.0.4-3+deb13u6_i386.deb 62026d7ad5cbbde3a9e9dc5fe76f17fd 1675252 debug optional libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_i386.deb 21b8e153cdaca8c63ec7827a4670833e 1071916 libs optional libgimp-3.0-0_3.0.4-3+deb13u6_i386.deb 59cf976d85d966d5e5f14deb5a37d11c 17180 debug optional libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_i386.deb 2c53b7397da002875807d2baa23df8a6 32068 libdevel optional libgimp-3.0-bin_3.0.4-3+deb13u6_i386.deb b3d43823327aaae8468f755fad711ebf 360156 libdevel optional libgimp-3.0-dev_3.0.4-3+deb13u6_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmmTanYACgkQvGw9w6Vr LCcEPw/+Pq5MxOH2KxGjjPIdu/zT5lWPTCPqJfufQZMvzExW139ih4XGUHOExMZh s7uwmgxGJBZEUMrFTCPKrsngMwWGnEh+9m3GTKr6Ow+4kOrWQc1sjxbxZXAkGHco Ez1eVzHjuOZ6u7sc1QraXFwUcydx7TLSsuiaEHFpBDZ7EyDDMFJ9ts3FNUfNx+AR K3ffg8CUJGjWuvIKD2PSN9OdaZbZz47kVfZFulzPE7FtOkGYhOqJTqJG5q4RsP1a XkHcMcAOAXBPDOuo8cnIjSCK451X05O0H9/2lPnlCg/k/vdO3jvaDrLkMURmglKS dz+/72VyRvIBlviZs6UhOdKeamDezxz8/sIbwo84o9bWqQdkBnuIjdF5+YAb11cD eklDPkDT8rBfE8EpEfW+uIIFQE8EjZoXOnXYqXeMV/69eIBLDt6tZ/usTSR/XrOM m3jbhBegBVAYVMJk15Fv2x8N/Pll2W73oFjLQb8Zd2uC05fWbqizjDl8A1OWfX66 hH7YhGGryOnaWyWbwfhHG/Wxn2yKSNJqNm2vHVE7nJJz/0OMCO3TPmXK5XaCuzZ4 c2c8i/ipeoiIH9bNgc974+vYM4puoyeNajeyUAe+O6TQkYD0vZQo1e76bB4TTCY5 N+qPchbal83ciWtFd+bRpUMdjNQ7BK7rf606E+NDiLii1VEtp8s= =f5HF -----END PGP SIGNATURE-----