Format: 1.8
Date: Wed, 18 Feb 2026 15:03:02 +0100
Source: gimp
Architecture: source
Version: 2.10.22-4+deb11u6
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 gimp (2.10.22-4+deb11u6) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-2272 fix integer overflow during ICO loading
   * CVE-2026-2271 fix integer overflow during PSP file parsing
   * CVE-2026-2239 fix heap buffer overflow in PSD loader
   * CVE-2025-15059 fix for heap-based buffer overflow and possible remote code execution
   * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD
Checksums-Sha1:
 8436260e50ec11db4440a103df07078133a38650 3665 gimp_2.10.22-4+deb11u6.dsc
 edbd7bd39cb934a131ea1cb6e7a84c9b6fd64937 78248 gimp_2.10.22-4+deb11u6.debian.tar.xz
 e37d453022d7af7469008edc38fbf50f87b77882 11407 gimp_2.10.22-4+deb11u6_source.buildinfo
Checksums-Sha256:
 41c87617893ff9c8a645ebb068c77944b35e744504b623e0d3cf3e1b0456079d 3665 gimp_2.10.22-4+deb11u6.dsc
 120ecb6428dc4b46f4ddaf82759d9ef28fe1cb2dd2651a0be28bffa3c26f13d4 78248 gimp_2.10.22-4+deb11u6.debian.tar.xz
 7cbd6890941f402121be12ff0d40c88fadb2281468c3e24e56fc578e692752a0 11407 gimp_2.10.22-4+deb11u6_source.buildinfo
Files:
 e196a7087a44e0d801872da5b9f9d911 3665 graphics optional gimp_2.10.22-4+deb11u6.dsc
 43e720fed4a92d5252441f0e1084287c 78248 graphics optional gimp_2.10.22-4+deb11u6.debian.tar.xz
 33d698254008965c6b5a53007fc6efac 11407 graphics optional gimp_2.10.22-4+deb11u6_source.buildinfo