[SECURITY] [DLA 4500-1] gimp security update

Sun, 15 Mar 2026 06:30:32 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4500-1                [email protected]
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 14, 2026                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gimp
Version        : 2.10.22-4+deb11u7
CVE ID         : CVE-2026-0797 CVE-2026-2044 CVE-2026-2045 CVE-2026-2048


Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XWD, ICNS, PGM
or ICO files are opened.


For Debian 11 bullseye, these problems have been fixed in version
2.10.22-4+deb11u7.
Unfortunately there was a typo in the last email. The correct version of gimp, where these issues have been fixed, is 2.10.22-4+deb11u7 instead of 2.10.22-4+deb11u6. 


We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmm2psNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd+EA//biVyKJ4FobD7cpOhVzl3GP6Q+pC+4OSjyMftZRnMS/fhTtnCqQB9v8sz
2up+imz2KtEY1/6iDNJHLf3DfOjV8ZXTErPpNaJak+UV8URpc8wPVMOtAwBJeWqr
GS949jOAOqjT8BpOFHKxqoZ0JhLvNhA7fBupeYaaDy7Ez78SpSdZSSbJqoxDxnoI
9BBpzUObtB9OMWW1ZiE9oq5eOkCD6tYnFE67sah6XrGESl8NQvSuPHv9ADNjScN2
ofjrk8K6sSKUnt7VeObbmPLTAD7NPkyGWtHwuOSNSoDP2clms9W3Edbk2ctY5Eva
LUQX4hP9bTOvbo3m7r6zrdov/fHZzxFjJshU6hbDTaR8dagvNd1X53e5P87K1h5h
qRKD4O88CL7juRK6kkmkqWhHRNSF3zC35HOmzFFY8PKsKwLXMbF7P93ih9cxMZds
pVxtKBohfWUE+FoCwB1mHN81j+seZP0PAcYvE7KkIjGFMU3vpPDuXjl1BI+x8FhS
m98otaITj+zeGmtUa/HBLnoeNgdIDDyh7nMc3fndX5tMHXLE6PMzyiG8StFjgnno
Ugk0y1Q6IXp7iuqXMCw6keyJNWiW7dxKYvxbzO15mAgyHBafRLJPbWJ/ndRgmKET
eTR2QFsdilDn528U3dgP8gWs9icAOvIluarYXVPPCnsgde/o4TY=
=jQ/V
-----END PGP SIGNATURE-----

Reply via email to