Format: 1.8
Date: Mon, 3 Nov 2025 21:00:47 CET
Source: gimp
Architecture: source
Version: 2.10.22-4+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 ddf9876fc21b7cab5bf1b9e025bb2fd497871702 3621 gimp_2.10.22-4+deb11u4.dsc
 da1687341e846fef784485511809da2988cb8200 33152226 gimp_2.10.22.orig.tar.bz2
 a6ad4d49ad5666a2e3efa23457ea98214ddf89f8 73988 gimp_2.10.22-4+deb11u4.debian.tar.xz
 23cc09310fa3bf5958e029d74f60e8b685be595e 22091 gimp_2.10.22-4+deb11u4_amd64.buildinfo
Checksums-Sha256:
 93ccf60ff5ea41c8279570ebf78f745703bd576ed430ecc79b13ee752c35eebe 3621 gimp_2.10.22-4+deb11u4.dsc
 2db84b57f3778d80b3466d7c21a21d22e315c7b062de2883cbaaeda9a0f618bb 33152226 gimp_2.10.22.orig.tar.bz2
 0ebf706b99cd018ba905b33af84996b12819efb2c2d773c7bdecce4b129d9361 73988 gimp_2.10.22-4+deb11u4.debian.tar.xz
 93ae92c6598adba278849427ecfb4cb2167396c930643e2a64cef2afb4bfdfba 22091 gimp_2.10.22-4+deb11u4_amd64.buildinfo
Changes:
 gimp (2.10.22-4+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2025-10934:
     GIMP, the GNU Image Manipulation Program, is vulnerable to a heap-based
     buffer overflow when parsing XWD files. This vulnerability allows remote
     attackers to execute arbitrary code on affected installations of GIMP and
     requires the target to visit a malicious page or open a malicious file.
Files:
 5d62c9c2facea2c112dba332c65e4f0d 3621 graphics optional gimp_2.10.22-4+deb11u4.dsc
 9d559ba6f039da033754f1d62a91cc39 33152226 graphics optional gimp_2.10.22.orig.tar.bz2
 5ce00f9dfebf569e10e596a9c58fcdd5 73988 graphics optional gimp_2.10.22-4+deb11u4.debian.tar.xz
 01e0d82b43f71b740faa0fba6215ac9d 22091 graphics optional gimp_2.10.22-4+deb11u4_amd64.buildinfo