-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 17:16:47 +0100 Source: gimp Binary: gimp gimp-dbgsym gir1.2-gimp-3.0 libgimp-3.0-0 libgimp-3.0-0-dbgsym libgimp-3.0-bin libgimp-3.0-bin-dbgsym libgimp-3.0-dev Architecture: arm64 Version: 3.0.4-3+deb13u6 Distribution: trixie-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Salvatore Bonaccorso Description: gimp - GNU Image Manipulation Program gir1.2-gimp-3.0 - Introspection data for the GIMP library libgimp-3.0-0 - Libraries for the GNU Image Manipulation Program libgimp-3.0-bin - Development binaries for the GIMP library libgimp-3.0-dev - Headers and other files for compiling plugins for GIMP Closes: 1127838 1127841 1127842 Changes: gimp (3.0.4-3+deb13u6) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD Checksums-Sha1: 5605a97a907d37a9b2dd2b7c2c7b1459ebcebf2d 17466620 gimp-dbgsym_3.0.4-3+deb13u6_arm64.deb 4b0a7b809887a5836878230577c744e69df375a3 23260 gimp_3.0.4-3+deb13u6_arm64-buildd.buildinfo b02faed7f9497b5950b175a079171b7b5f0c5810 6188528 gimp_3.0.4-3+deb13u6_arm64.deb 7d53db2f10670936cf124543978506070f219125 93372 gir1.2-gimp-3.0_3.0.4-3+deb13u6_arm64.deb dbb412c04e5bcf10d1bf03a544b70d5f46c83848 2024224 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_arm64.deb 6712ffb0514d449fe2e3df4b23d1b1b3b3327b53 993152 libgimp-3.0-0_3.0.4-3+deb13u6_arm64.deb 34a09353dc9f51b996744fbd8ef296cb11a70065 18372 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_arm64.deb e39f004ff0f00a8db20c8249aa2d0229eb8af302 31648 libgimp-3.0-bin_3.0.4-3+deb13u6_arm64.deb 92fc6f94095c53c096a61b972b6859db4e3cfcd0 360104 libgimp-3.0-dev_3.0.4-3+deb13u6_arm64.deb Checksums-Sha256: 1fc4652ccb28408315e9ac32d06f6b1f64067b81f459d922baa1ebba238deed4 17466620 gimp-dbgsym_3.0.4-3+deb13u6_arm64.deb 3f7203dbc0a22a988f8e7c88e9037c688d80dd674c1ea08809abcda2412539f2 23260 gimp_3.0.4-3+deb13u6_arm64-buildd.buildinfo f18eaf6f7d139503c725ea407a78b4a4a260e008b5356058512fe4c3202b2f1e 6188528 gimp_3.0.4-3+deb13u6_arm64.deb 7ba592fd8fab3ff8488b40d8f1dbae6419560f7f44dc041643a7935e75caa3f5 93372 gir1.2-gimp-3.0_3.0.4-3+deb13u6_arm64.deb 4254adf09fe5dd579dee06ce390d8165b695ac84808d8b7bfaaf84fb70a3feca 2024224 libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_arm64.deb 308c2ce2ac1d57aeca0b9543dc3b73607e1bbe60eaf4ebccad26098f1231acb9 993152 libgimp-3.0-0_3.0.4-3+deb13u6_arm64.deb 3bbb7cf72d9d2f812c79e8ab927a42e5c7dc99a7384c388b01d5e58606ba1986 18372 libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_arm64.deb de1d3ad0ae0bcfce0597b4ae903d772875200fd0f4067d8661f890c5c7755b95 31648 libgimp-3.0-bin_3.0.4-3+deb13u6_arm64.deb 2aab486a5a76f7505c7c96a4f2d37131cf47e5ff110a27c5f704394c6ce14074 360104 libgimp-3.0-dev_3.0.4-3+deb13u6_arm64.deb Files: 57d6aa6686bf89c5dcf0139b0420f857 17466620 debug optional gimp-dbgsym_3.0.4-3+deb13u6_arm64.deb 323e912a3a1cf95ba08df2b710aeb2ca 23260 graphics optional gimp_3.0.4-3+deb13u6_arm64-buildd.buildinfo 62d8972e11d3b1230bb972aaf76684c9 6188528 graphics optional gimp_3.0.4-3+deb13u6_arm64.deb ebf6dec6f3ebfc0fd3959f57fb474985 93372 introspection optional gir1.2-gimp-3.0_3.0.4-3+deb13u6_arm64.deb aa37af0b715323367a69fa734d9d8d60 2024224 debug optional libgimp-3.0-0-dbgsym_3.0.4-3+deb13u6_arm64.deb 8c3570d35a1a04e421da39731bb1f509 993152 libs optional libgimp-3.0-0_3.0.4-3+deb13u6_arm64.deb bb55448c72964887c4e0ef20e5361f2f 18372 debug optional libgimp-3.0-bin-dbgsym_3.0.4-3+deb13u6_arm64.deb 7c80cdb9f5f909552a62e82c37ed23be 31648 libdevel optional libgimp-3.0-bin_3.0.4-3+deb13u6_arm64.deb 18c486d89af8da6dc7519a2af73ebc02 360104 libdevel optional libgimp-3.0-dev_3.0.4-3+deb13u6_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmmTaawACgkQXVp1sEH/ 1mJsKg/+JnmBWZ7kZpWxbxMTU9DuJnB4o4LC5kTVhVyUwJAnlTxIl4pgTiU33HR8 GPQgNpo3i8KyDXph38T3KlTdMaYeY1SOQ4y8UhFfa8gB/FuuYDLHU6Zpf4GTy4eP VvBKxvh2+WSq7pKGB/TJVm85bmE/bXD+8LDoF+iX0z0de1BKl5rua5Usa2ozaywK Y4TjWsriQEQaA3kXyT8R/8dclKO0n42WmvsnNq8cxkYCCc87HXTYR9GigHfK+Lv9 cOBRnVr/07UPl8M+7bN+Q/3qCpKZxP9uexA8aGfJUOWxW7H7EDCX3Do4KlqMjQrw neyP36H3yxQ94E3pWe9EM8XfOrTi07ltHrw60G4MMg4TMlIpjjnsC+pk7BfnvSeg /FvmHSwFDfk6SxacKDcLt3AfInRtn5SJ2sj6l1K6pSmJ/J7qDXaDiy6Jdz7vQJMK ADVlQus7MsZNAqi9+wMtLqLU+/ughmd7xcHJhCUquOIsdXPo4fIk3IG7shSQeHIJ Wm9OVoxU0/jqLBYLPux1YKYDCf/nfeN9I0vyGTDynmqBYXnbxm0SoALBvsVgufou wE89qQs0WiOsjx/eOB3JZVOw0UYpHrsQK3GRlUV4hc4LYgeb+KrHgr/c1fRYYMuV 5sTNjQ6ZFXgFqD6DcxQkhI/a2zaqIgEeKBW7i488TVy9+adEa8Q= =V82E -----END PGP SIGNATURE-----