-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:20:06 +0100 Source: gimp Binary: gimp gimp-dbgsym libgimp2.0 libgimp2.0-dbgsym libgimp2.0-dev libgimp2.0-dev-dbgsym Architecture: armhf Version: 2.10.34-1+deb12u8 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program libgimp2.0 - Libraries for the GNU Image Manipulation Program libgimp2.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 847bf3716b3828b27bcf2ccbed06a72f5bd38c4e 15545604 gimp-dbgsym_2.10.34-1+deb12u8_armhf.deb 5fe74b0cbde4fb97a3c5c04ef760df1113e6f710 21025 gimp_2.10.34-1+deb12u8_armhf-buildd.buildinfo 487ba159e005cba3a03c286f712b14dbc578d8f6 3809044 gimp_2.10.34-1+deb12u8_armhf.deb 59e8d7903f64a270a898626bb4f0349dced9f054 1344296 libgimp2.0-dbgsym_2.10.34-1+deb12u8_armhf.deb 819b136286a4dab3baf94c1d3ded724864234021 16988 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armhf.deb d1e68bd5f04a6c97910f09a533292283a8592200 120496 libgimp2.0-dev_2.10.34-1+deb12u8_armhf.deb b2568d788e4d2c325d6f192a9aaf69e8f1f3627e 748172 libgimp2.0_2.10.34-1+deb12u8_armhf.deb Checksums-Sha256: cc1b482a30cf7c6fd4967e6aad271d360f733dec6f70ede966d93b3ff612b329 15545604 gimp-dbgsym_2.10.34-1+deb12u8_armhf.deb fa86763dbf12a78c4e0eaf788fef4137b6ea1bedab1b7daaf1fed495c89754cc 21025 gimp_2.10.34-1+deb12u8_armhf-buildd.buildinfo 45da4600f9b6482afcf591a9a8e209c97827fda1f158b49a7819667d464985c7 3809044 gimp_2.10.34-1+deb12u8_armhf.deb 8b7a73592c26b98724f9a11a8594ff6f229f993bbb2d747d9926cfab80afd78f 1344296 libgimp2.0-dbgsym_2.10.34-1+deb12u8_armhf.deb 7d5e11195c15d01ac0c7d8f730a76bc2475943d92eea04144298cb7c322fba3b 16988 libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armhf.deb 779341cbc4dceec4bd92b1e83d634792d0d2f13ca8f8526351cceccf13517618 120496 libgimp2.0-dev_2.10.34-1+deb12u8_armhf.deb 73dc429238a25bdf108641805e22e095d1d2b20cf55dbb648f01761fccda3730 748172 libgimp2.0_2.10.34-1+deb12u8_armhf.deb Files: 28fdf9827e02c428a23f1e0c23667c2e 15545604 debug optional gimp-dbgsym_2.10.34-1+deb12u8_armhf.deb 1960edad1fb5555c3ba241f19a98d45d 21025 graphics optional gimp_2.10.34-1+deb12u8_armhf-buildd.buildinfo 4551e09b10639fc77607ad747deef4e1 3809044 graphics optional gimp_2.10.34-1+deb12u8_armhf.deb 374f4ccfcacdfe9cf6aed0e1186e5669 1344296 debug optional libgimp2.0-dbgsym_2.10.34-1+deb12u8_armhf.deb a77dea756d47dbc62cb5a07128180d95 16988 debug optional libgimp2.0-dev-dbgsym_2.10.34-1+deb12u8_armhf.deb 7d6081252f6d756e92f0dbaf70b81ec9 120496 libdevel optional libgimp2.0-dev_2.10.34-1+deb12u8_armhf.deb f095d6a5532868c9fa16d5d4c6d65a53 748172 libs optional libgimp2.0_2.10.34-1+deb12u8_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmmTeK8ACgkQXVp1sEH/ 1mKosA/7BMtk0Fw9VCbYWdujHWfiNljNh5fbYXllU8TBwDxlxUy8GoO3QAWFFbCg WNbdkz+9srrkN+N/nSlxCcFeZIT+F/PEOdIsbq+eV9xONgkjx/+WxmO6dpjydqzh 99kY0h6bTOERvTiAQgUwrUpKtsnlS8jbfiJrcf0rfhTSe64h9wJV1v4fnuQli+TL 3fo6qBBHHD7Mw+LkE4oqgRU84RAmQlH+R4E6IoKkPHQv4nmW1g8Q+mKnhKDu93lV GHJAzoiOirpmX3wzV+NreyIoa0MT2xdCLCZddsWolr8p4sV4dmybJFLhz1uSJ9M7 XT1Ys2mhAZofY3QD1x2Yik+aBo57Q5eOvo09V+m45zcipwkPTVH7TxjZSiIrJdv3 evxyTtol2tleVnDEIystQiuZ5gKO+k+jrA32cM4kUvk5jG3lW8JTKTZpSpn4p16w gRq+XwsQyN1qWL8Vl+dlUwrFZyJUbX5xpDevuLCECbe+0eIGwhsM9gNjKabx7jia Nb0WMGgLM0iR7ndz1cBWUJOca3+Hwv8VfM9/UXNmBzr0SQpFLqtcZHpBJPR4btyL pWTwEfS1pDqJJnK4V+80lvvBxdZXT+38qRXZhWvFMY4bprqiu9FdpmsTQItzoGp6 P+810dbkZguQFTsa7TTCCmh8RqCjJFx7RtDE/lUOPZ+J+4TcSv8= =o1/O -----END PGP SIGNATURE-----