Version 1:0.4.62-3 of gegl is marked for autoremoval from testing on Sun 26 Oct 2025. It depends (transitively) on lensfun, maxflow, affected by #1113100, #1113269. You should try to prevent the removal by fixing these RC bugs.
CVE-2021-45463:
(needs triaging)
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Migration status for gegl (1:0.4.62-3 to 1:0.4.62-3.1): Waiting for test results or another package, or too young (no action required now - check later)
![[bug history graph]](https://qa.debian.org/data/bts/graphs/g/gegl.png){kind=link}