Your message dated Mon, 16 Feb 2026 04:48:41 +0000
with message-id <[email protected]>
and subject line Bug#1127841: fixed in gimp 3.2.0~RC2-3.2
has caused the Debian Bug report #1127841,
regarding gimp: CVE-2026-2271
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1127841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.2.0~RC2-3.1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/15732
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gimp.
CVE-2026-2271[0]:
| GIMP PSP File Parsing Integer Overflow Leading to Heap Corruption
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-2271
https://www.cve.org/CVERecord?id=CVE-2026-2271
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/15732
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 3.2.0~RC2-3.2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Feb 2026 17:03:45 +0100
Source: gimp
Architecture: source
Version: 3.2.0~RC2-3.2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Extras Maintainers
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1127839 1127841 1127842
Changes:
gimp (3.2.0~RC2-3.2) unstable; urgency=medium
.
* Non-maintainer upload.
* plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string
(CVE-2026-2239) (Closes: #1127839)
* Fix PSP File Parsing Integer Overflow Leading to Heap Corruption
(CVE-2026-2271) (Closes: #1127841)
* plug-ins: Add overflow checks for ICO loading (CVE-2026-2272)
(Closes: #1127842)
Checksums-Sha1:
d656b53f50c65fb941e380ee60ed83c7538b9bac 4427 gimp_3.2.0~RC2-3.2.dsc
925eee7f1335984a38be0317af6095823574899b 68412 gimp_3.2.0~RC2-3.2.debian.tar.xz
7c9547ee07acf57396aff9e8ed04018ec923daad 8594
gimp_3.2.0~RC2-3.2_source.buildinfo
Checksums-Sha256:
cf8cfedc2e16c5885293b93616c9cee8c4b7a275d96a02255795c64979371586 4427
gimp_3.2.0~RC2-3.2.dsc
f88bdbb4c75d896ecccc53fb5a93b29e7b86e1f5dd48b32219653801bfbda11a 68412
gimp_3.2.0~RC2-3.2.debian.tar.xz
f4a981f0243c0a80d1d2ce03a8197cac83ea426c51662af1cec3dfec38997290 8594
gimp_3.2.0~RC2-3.2_source.buildinfo
Files:
336b96b85521aed652cd5dcb9c488469 4427 graphics optional gimp_3.2.0~RC2-3.2.dsc
60de25d78bce7ea09bff1bb3499bb638 68412 graphics optional
gimp_3.2.0~RC2-3.2.debian.tar.xz
e17cb7c9e5adcb023bd249181110b7f8 8594 graphics optional
gimp_3.2.0~RC2-3.2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmSJzxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUwsP/iWoFeGc+IB1AoOZg+MUnsrmzG4uX8HK
c5+vFg+dHnZf3vzYt5dBQQshkKJ9jQTJRnIhrPVdgXcp4SP8C/kwn5+0iZ93fhN6
QepE3eFWqR+ZdeAPmrtPzF0tPJS9aUUJFU5dFFgbtLxKGHHRvbaKJAcSUVGB+IpO
76wv6s1f9ZBEAdpHoQ/D2rQlWztoU4ZJ/veYJaFAt0bACQ7uFuLpUfIn2EOs66zd
dxqHpBc0g/UefuhFW6k1jqzNO0rjjrKkm3tk6IFmBhyRRDcXLSMtsOY/jToaD7YP
2Fugj5G++1kpdi9WRpJ7ia69/1GL71qRP0Y4NUc+/IPyyHobgkeVwX9CGVtndG2R
eFrzLrCWCUF8Ye/DhbOhyHnRqPuERkAv2T7R/kWpU+SGVlVxbY1QTLJq3pHIMrRY
F7CZY8cg21jb5I/yMt6aaEJQbXj+dxtcZ1aYyjVwlRfaDLrZMt9o9FnDm5R5v3MS
hB7dviXgpBmVw3boT1RkZCGzWBtt4t7WbMF6t5GqBGiNPp9EEO3Q+9PzZZYvT6Ah
24gvQGpwK5rM2LOtTRyklPUecfhbdb9ug4DChe+iHe1cV2Hj03ztslO/AZrQ4HaO
pF5eU2F6uj+SiA1NAxYEiwBRHCgxYD1VBJnLeh00gkEmjciHiKAaQzwXVKZpM0Q8
W1YAeh2HFKxa
=NhmB
-----END PGP SIGNATURE-----
pgpulVyZ1Cafd.pgp
Description: PGP signature
--- End Message ---
