Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted gimp 2.10.22-4+deb11u7 (source) into oldoldstable-security
Date: Sun, 15 Mar 2026 10:50:25 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Mar 2026 12:03:02 +0100
Source: gimp
Architecture: source
Version: 2.10.22-4+deb11u7
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 gimp (2.10.22-4+deb11u7) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-2048
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (XWD file parsing)
   * CVE-2026-2045
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (XWD file parsing)
   * CVE-2026-2044
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (PGM file parsing)
   * CVE-2026-0797
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (ICO file parsing)
Checksums-Sha1:
 3c6104d8964c2da2884989ac845b43f1f483d41b 3629 gimp_2.10.22-4+deb11u7.dsc
 da1687341e846fef784485511809da2988cb8200 33152226 gimp_2.10.22.orig.tar.bz2
 0cb737e34e67681e928b59913b8825e0428d9024 79964 gimp_2.10.22-4+deb11u7.debian.tar.xz
 ea790e3570051da89902348ae1bc77b058519da2 21871 gimp_2.10.22-4+deb11u7_amd64.buildinfo
Checksums-Sha256:
 d20442e3c3c5d206454d2e130e74b1890c6906443b06008d82dfbb5e00c1f80c 3629 gimp_2.10.22-4+deb11u7.dsc
 2db84b57f3778d80b3466d7c21a21d22e315c7b062de2883cbaaeda9a0f618bb 33152226 gimp_2.10.22.orig.tar.bz2
 c582b5f15795c7aa9826718d3e53480623127c2b38fe0ce457bff4b61dbe1f48 79964 gimp_2.10.22-4+deb11u7.debian.tar.xz
 5e6fd3e54cc6a9a09483cbf9ea7cdf627bfe3825b133beb5061df4bad9f8fe4d 21871 gimp_2.10.22-4+deb11u7_amd64.buildinfo
Files:
 df91be52cbd3016a8a589476fe8d4cc2 3629 graphics optional gimp_2.10.22-4+deb11u7.dsc
 9d559ba6f039da033754f1d62a91cc39 33152226 graphics optional gimp_2.10.22.orig.tar.bz2
 a40c1ae83929cd3d98e02ac7c733dee6 79964 graphics optional gimp_2.10.22-4+deb11u7.debian.tar.xz
 920ccede5b22404f582d06dc30f90788 21871 graphics optional gimp_2.10.22-4+deb11u7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmm2i59fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR7oxD/95qsNmzW+sitfpzcgd6hvuR5IFx6yV
bPj4Lb/0UUWfolPhWofzW64Djk+B1pe2hJAMISuSgQF4UrG4lbZxnm00v/j5UNOl
ktMWb2cUHd7hD379s5DnbU1M53/g86fW5XuNijK2uSzcRBnyDfnxZA6VtP80rBqT
NspSqZfMnNCsUoqHFpjBX289bF+R3LyLwLhZZW10CA468Q1FqPejN57DgCl6pii6
2/vY+QQufM6Rr+kqSRGdzHJFdw9qNQo4XbrIDTKIsmp0qh9oDKYDN8Ig98g+2NwE
srQ3z4b/yy1eUQOBZaoPw380y4hM/1LgO4JCOCfIJvzC1nLDfkDmc3fJ3EAUUGxa
J3mV4DMRnAWzrpOnIuEPE694k8tXjc32UAWd4vyLu/EoApSG6rqToRCiL9unn8AX
3QvUN3IykLnLeFxOUIbbMp2KLu30mdQZpG6v4VyV0Ax0d+HRHjmrPZFhHsbDeNx8
J6TbNSBGdHtIPS2K6zT+AGip8j9mAl1jY33ZmwfDyzdDGrp/w7h10pg7pQPlxvJB
/aQdOlGvhg3mk9YDsgMGinzUimM9KW59f81zxoVJM4kJFjR9kWh4WA1OXrTDC46J
CeXQVgLKGtG5GwpsrApvuOCzbNOlDdOMBlskjylbv9KaFVmsdaNUE/N8XSZxkEYU
DdRES7QIQPqT7Q==
=OLEt
-----END PGP SIGNATURE-----

News for package gimp