Format: 1.8
Date: Mon, 16 Feb 2026 17:16:47 +0100
Source: gimp
Architecture: source
Version: 3.0.4-3+deb13u6
Distribution: trixie-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1127838 1127841 1127842
Changes:
 gimp (3.0.4-3+deb13u6) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string
     (CVE-2026-2239) (Closes: #1127838)
   * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption
     (CVE-2026-2271) (Closes: #1127841)
   * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272)
     (Closes: #1127842)
   * plug-ins: fix crash due to uninitialized ptr_array when loading a
     specially crafted PSD
Checksums-Sha1:
 1dc0364c68426b21b584640980fc0f0adc5ba0f3 4096 gimp_3.0.4-3+deb13u6.dsc
 a6a0a79e5aaa5cb26a752fbffe10075bb87324fa 71940 gimp_3.0.4-3+deb13u6.debian.tar.xz
 1762e00a52ddd1594305190a185be87fb86fd262 8594 gimp_3.0.4-3+deb13u6_source.buildinfo
Checksums-Sha256:
 260b7f178f00bec57b337bcb76b9da402dcd13de25db17f8e809237276d10927 4096 gimp_3.0.4-3+deb13u6.dsc
 8c7ae4a759b8153daf4a8502a8185b0cb2a0adc36d6f189b2cf38d444e937f5d 71940 gimp_3.0.4-3+deb13u6.debian.tar.xz
 81ed6d84f87195a04aba4e49922747235923bb28bb218912f1b0c4fa1a1972ff 8594 gimp_3.0.4-3+deb13u6_source.buildinfo
Files:
 fae2228bdc13d0055358e14e8d1c95e8 4096 graphics optional gimp_3.0.4-3+deb13u6.dsc
 b8a72879c912ca9c217ca6c0603aaf01 71940 graphics optional gimp_3.0.4-3+deb13u6.debian.tar.xz
 b3f3c75510aa8e3acddf7153b04d1c63 8594 graphics optional gimp_3.0.4-3+deb13u6_source.buildinfo