Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted gegl 1:0.4.26-2+deb11u2 (source) into oldoldstable-security
Date: Sat, 21 Feb 2026 10:00:22 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Feb 2026 10:03:02 +0100
Source: gegl
Architecture: source
Version: 1:0.4.26-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 gegl (1:0.4.26-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-2049
     fix of heap-based buffer overflow, which might result in remote
     code execution (considered duplicate of CVE-2026-2049)
   * CVE-2026-2050
     fix of heap-based buffer overflow, which might result in remote
     code execution
Checksums-Sha1:
 b64aa82fd7770c3aefaf72509fb6a666e41df604 3234 gegl_0.4.26-2+deb11u2.dsc
 916ef2bea01e269b1bd1b3825d04331e17aeedb9 4942492 gegl_0.4.26.orig.tar.xz
 00cd69952999e2c93fe1f3f14f1f2d164dba7656 26084 gegl_0.4.26-2+deb11u2.debian.tar.xz
 760e5be6eb4c34f4d23f9e168cb7147e8a4d265e 20828 gegl_0.4.26-2+deb11u2_amd64.buildinfo
Checksums-Sha256:
 f3efb396ae9ecd619ed0815c0b563a37824f8e69d8c95335f7253f73de47f226 3234 gegl_0.4.26-2+deb11u2.dsc
 0f371e2ed2b92162fefd3dde743e648ca08a6a1b2b05004867fbddc7e211e424 4942492 gegl_0.4.26.orig.tar.xz
 20a45b002822d8813e2ae36448dbe812e6fe1f35db1c2fb1061c48427aa946a9 26084 gegl_0.4.26-2+deb11u2.debian.tar.xz
 4e302051304f94f333d6134eae0d367133a1ddeb83ff7ac256250151eef33aef 20828 gegl_0.4.26-2+deb11u2_amd64.buildinfo
Files:
 0d811fa3c6bb48f9255ff53f155a4bc3 3234 devel optional gegl_0.4.26-2+deb11u2.dsc
 4756ac2a8cfca8591f12dbf3f6701b14 4942492 devel optional gegl_0.4.26.orig.tar.xz
 d096d35c64affdc7b3cd9981faf75d0c 26084 devel optional gegl_0.4.26-2+deb11u2.debian.tar.xz
 f967c8201f03d8a0d5bcca23dd9351cd 20828 devel optional gegl_0.4.26-2+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmZfYBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwd+EACfgfO0zxBnb9xYhNZFrTrUBD9u352y
y8GHjV27AHiy2i1pI4EL1VxMT2ulIioFlVMMOTO1KAHvH1bJs9HCKqIfL4+RyOuA
6bw8jyIytjFy12HaEC8Z7nRB9H01QgwitkwdysVLuraZ0XHRoGFKERSFw7kaZ+Xm
EYlpzI6TiYdKVbJ6o+Nsm8DEAqdc4bIo4YCvNhfUykSZt//aS6z26qgZt5wxhITe
mQwnkagSM2bYXTNqBaGCsz1QmUoLRNw91aSHoa4ALbFwN+lapYp3i7HC+GCf/DfL
tclTtPaybbS+vNpseca4mcPZ8zwgPF4kaOXOLjEgCzMnC0QCOLsBhNUg1fXFV1Jt
FUt9Ij9eIrcNCQJ6zK0UELAyJhpzR7h9bhH7D7U6ByLka34p7K081kkddJyYfTG0
++ZyVRsFtKYlGakxOnzd9SvFRJfiIVBeP+AV9Ve4h3D8QrYKw5B1EWJi2f7a/z7Q
F/zpL2MkBQ7mYdqYx/z1i420mV2baEIs3TZUSeNUK8PqKg1zfjjza1j8k/UigQJh
63RFWcZdMUIj6cSVsmpJYLYHePrG2/F/bQI3MlOyRT0jGTBWxoEdo2waqQC/dYaS
0j3xdgthfwlwMy62yJHL4OAj7prAoaFDMaH82MntbBYqo/nYQzbNKanIVOFCftVl
wacX9hJI0XQRLQ==
=6eFE
-----END PGP SIGNATURE-----

News for package gegl