Your message dated Sat, 21 Feb 2026 19:48:32 +0000
with message-id <[email protected]>
and subject line Bug#1127838: fixed in gimp 2.10.34-1+deb12u8
has caused the Debian Bug report #1127838,
regarding gimp: CVE-2026-2239
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1127838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.2.0~RC2-3.1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gimp.

CVE-2026-2239[0]:
| PSD loader: heap-buffer-overflow in fread_pascal_string() (no null
| terminator)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-2239
    https://www.cve.org/CVERecord?id=CVE-2026-2239
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/15812

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.34-1+deb12u8
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Feb 2026 17:20:06 +0100
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u8
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1127838 1127841 1127842
Changes:
 gimp (2.10.34-1+deb12u8) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string
     (CVE-2026-2239) (Closes: #1127838)
   * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption
     (CVE-2026-2271) (Closes: #1127841)
   * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272)
     (Closes: #1127842)
   * plug-ins: fix crash due to uninitialized ptr_array when loading a specially
     crafted PSD



--- End Message ---
