Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted gimp 2.10.34-1+deb12u8 (source) into oldstable-security
Date: Wed, 18 Feb 2026 11:02:20 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Feb 2026 17:20:06 +0100
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u8
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1127838 1127841 1127842
Changes:
 gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string
     (CVE-2026-2239) (Closes: #1127838)
   * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption
     (CVE-2026-2271) (Closes: #1127841)
   * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272)
     (Closes: #1127842)
   * plug-ins: fix crash due to uninitialized ptr_array when loading a specially
     crafted PSD
Checksums-Sha1:
 a26adc5b68435b6938ebee8aed6849dc1c5248ab 3689 gimp_2.10.34-1+deb12u8.dsc
 4301c92a586b1bc86270d0b1b358b3ab29876bd2 74984 gimp_2.10.34-1+deb12u8.debian.tar.xz
 4938a74309f0f083c5fbb8bb936be75e03d7ac81 8242 gimp_2.10.34-1+deb12u8_source.buildinfo
Checksums-Sha256:
 71b9498bfefdf426392e3be5f731554a4c277e1e88b03c7e70ecb4a1430e7ac5 3689 gimp_2.10.34-1+deb12u8.dsc
 32841093acaf7534d8ad5fbe5e03a28c897b5d4b5e2ca307fc73a562955d6f26 74984 gimp_2.10.34-1+deb12u8.debian.tar.xz
 4689035d8a0ede1577c6e98e48c9742bee12c61815a49aa9d9464b65ce2c4633 8242 gimp_2.10.34-1+deb12u8_source.buildinfo
Files:
 e1a8c665f083765fd2192aaf3cf9e41d 3689 graphics optional gimp_2.10.34-1+deb12u8.dsc
 9c8376ad22a5bcd3314b6dd9fab0bc31 74984 graphics optional gimp_2.10.34-1+deb12u8.debian.tar.xz
 a51768ab49e29f5654d55dff98af1a56 8242 graphics optional gimp_2.10.34-1+deb12u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmTb6VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EQZQP/jmnO6cVDE14/tNKNHGBAw7nWXaycVp5
e/zKdAX62W+DqHYbSaM6htFSqEr02Yeh9AtQyRF0YEhbiCvqUbXlKqaIBp6R3Ik2
OmCQnSZaT0lrETcSZbBu4N4m9LqSZwzR0rpVnwAoWVzYShBvdAIdpHtAsE2REFvE
E9vb8oJ73R3V6uNNqq3TLEdiY0MEVOwCfw8Qu7B5dsG7ML2r6515xeJ+Q+uA4box
iQG7pkgCd6KCbjRHQvHtbev5/9y75UyC+5dFRk7lI8DLEwIzooyIan/2YCstymf0
CxK030vu0HNFKrrZDuoLUgzv9F4WTL6GI3NnujSgmsCa77uWVPAaCFId0MQgVKTp
wMMIv+Z5IthoRgiSp5mEdHTGbk36jHZRH1y099hT2yhECwea9LEx3AMBb+PpOUNq
yBG7Lzt9DxPH9AHzzc6u5Tam9ai9TORBh8QVrNQJYqbIs+APZrwZsTjJM3MB76z7
h/MZ0AN2ujPX54BK+zROvhxPT4hHuNpZ4b4VbXo9zObp6X8eoH35UgZeV7ZZlZzg
+3p/E6Bm3idzOOs+5fQyv111mNqfmbdHTQ+vEGdrz/R4/xuKngnoOxOFh6Zr2Ign
cjNRlMWFI2dMwRmKo0IAJakLVtkpiZrTxi59Zw+qpEHwM67wKQcxej00GfSIZTXt
fBKufEtyNHwT
=XTA2
-----END PGP SIGNATURE-----
News for package gimp
