[SECURITY] [DLA 4483-1] gimp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4483-1] gimp security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 18 Feb 2026 18:32:59 +0000 (UTC)
Message-id: <[🔎] aeb7e6c0-36b-da37-a0f9-e4e19afa145b@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4483-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 18, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gimp
Version        : 2.10.22-4+deb11u6
CVE ID         : CVE-2025-15059 CVE-2026-2239 CVE-2026-2271 CVE-2026-2272


Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed PSD, PSP or ICO
files are opened.


For Debian 11 bullseye, these problems have been fixed in version
2.10.22-4+deb11u6.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmWBdtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdsABAAw4K+lyyY+Wm9rojLhXlit49vzSDA8xfCpjFWNAXRpxNU0okKGwK+ZLz+
QsL2124Bl4tR9ADVlZjcDvg+RTDM2tVHIIFkH4SdXVhOmX+YLEke18LcFbU1hHXS
6Do5U5m2yUCZLdISoRSoOKdIfFWxLJhwQhEUi6pO1T8xbeOIEiFdN8JV3cR6qFt1
4vu6cEYw04B574gJiQfIBGlZf0QhnTZ5FCY1zsVBehMgLvfns2ZFnN2tQZv/cmca
RnzSgPov6/Q2Yl/OeLbvpiDBNlg3UD/616CCoYme6eyoENM0Uc2yBKDr0sKqTyz7
4g/bqDUM3unf1W+4l881Iu/WMxHtH8PbUDG1UQcfNPTJ/ZlXdlHbwopSmQGDUraX
gKQyQepXOPFIBlag2T1ABxEPsL02Ag1gd//ps31rhKCmrAUPSI1Q7z2KcvexpvqB
ojyVsFx/6vljcjKctRH0ODdxtVMz5FcRhoVMwwR87AJGgUw1xslV2jUKw8E5JdxT
VaFV/qXMf59WCFdXq3eDR+PykCbHTWwSl8lqJ9zt5cBnZxbhr9zA/FvZ627x0+1w
783pFMKUqzKxX+8MlfeJ2OKk704lSAE9Gc2kiP07CbkiGdI8tBqHAyt6E45Qr/Y1
DxeBOdIrxsylJZtjZWUPc50U3yRGAeau0bgje97Aqgxi6GkYOoI=
=CpNh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4482-1] ceph security update
Next by Date: [SECURITY] [DLA 4484-1] python-django security update
Previous by thread: [SECURITY] [DLA 4482-1] ceph security update
Next by thread: [SECURITY] [DLA 4484-1] python-django security update
Index(es):
- Date
- Thread