Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted gimp 2.10.22-4+deb11u8 (source) into oldoldstable-security
Date: Sun, 19 Apr 2026 17:50:16 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Apr 2026 12:03:02 +0200
Source: gimp
Architecture: source
Version: 2.10.22-4+deb11u8
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 gimp (2.10.22-4+deb11u8) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-4150
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (PSD file parsing)
   * CVE-2026-4152
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (JP2 file parsing)
   * CVE-2026-4153
     fix possible remote execution of arbitrary code when processing
     crafted webpages/files (PSP file parsing)
Checksums-Sha1:
 b155b1d1d08895389379d92f2fbbeceb43c63c66 3629 gimp_2.10.22-4+deb11u8.dsc
 da1687341e846fef784485511809da2988cb8200 33152226 gimp_2.10.22.orig.tar.bz2
 4658b908b6d80701a43342fbc4f82cbac8dbc5fd 81564 gimp_2.10.22-4+deb11u8.debian.tar.xz
 281ba3513e9de337b1e470b744f3496c84812a4e 21871 gimp_2.10.22-4+deb11u8_amd64.buildinfo
Checksums-Sha256:
 a1d1ad086ccc432499e515692f7e1899752d3cb3e0258f10b5d36deb7d6f7ba5 3629 gimp_2.10.22-4+deb11u8.dsc
 2db84b57f3778d80b3466d7c21a21d22e315c7b062de2883cbaaeda9a0f618bb 33152226 gimp_2.10.22.orig.tar.bz2
 c08e009c2d816b176a46d36966d224d18623a6cf06110214af1d7b4f6023675a 81564 gimp_2.10.22-4+deb11u8.debian.tar.xz
 dff6d3c02fe526cb374d882947558f5f4cbd8d1674cf4b9ddd57afda56711f85 21871 gimp_2.10.22-4+deb11u8_amd64.buildinfo
Files:
 bd370537c07a8d266a1c6c79c518cdd5 3629 graphics optional gimp_2.10.22-4+deb11u8.dsc
 9d559ba6f039da033754f1d62a91cc39 33152226 graphics optional gimp_2.10.22.orig.tar.bz2
 bdef454c3313d58a1a2fe12f7f2f5ffa 81564 graphics optional gimp_2.10.22-4+deb11u8.debian.tar.xz
 ad4b71485787a28b65670a07ba6b980a 21871 graphics optional gimp_2.10.22-4+deb11u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmnlEMRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR4f7D/0d5tIAYk4oTVj0TrnkXNSFWuxnKs9A
G7suP/5ajRlsOTSD7YbmRXoPQSGIzcISTxBwmRfj4AWGcCu2ojjHL05SFtWAkyzK
u7qGkQVOZjZDU116l2SMcefzhPo7/RSXFttGZoYQoIYWZmAmj4PCv1TXLaWWMNQp
7EoLmKVk+uIO0NWLNSbPtyTMnOji5qCdUSeLu610Sd8FWct3f7r65q1fdbQWG/UZ
ytKvLuxP5HJycVMN0QGW6AbjVPTH/HrcT9FKx5YZZUQ2o7H4LOqjyfHNdhL6mYZ/
Xxabyx/SGr6q6q2stjFmR1X6z+0HN24vD2sX740CiGb0kKwWbG4U20oLZMxXh/Jo
y6rab1hJiOmEyjEgY+kwanvlSFrsEf3fTJYX9yM11/B6CjixLtD9ETZqS4eF5DTP
l5vO5jy58Kehs0WeJf9dP1x1rt2TaV+naMbb+K4NaJysBhwM1zFtlzsYJYamcbLv
pJUaEQxC9YnAS02m9LmvcZBey4lESa8RRPMfe1gGW58h1eFpVI5NsrHzjXYWxB7t
iecJ0kSSZAC6UN6xfXA9nBIIezhdgxx8ddj5G4fg0eCJuFvf1iYsN0SUtfeqpSDr
RfkF5SOYL4sV30gFl+p9HYam/8cGcjaYAQ3IRwrsI4Dw9tx6ER5RkpHu7hKH74VY
oRoHdRYTzPMT0Q==
=DEAO
-----END PGP SIGNATURE-----

News for package gimp