[SECURITY] [DLA 4500-1] gimp security updat

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4500-1] gimp security updat
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 14 Mar 2026 18:44:08 +0000 (UTC)
Message-id: <[🔎] 324e5879-13e5-13c4-c53b-a2529656a670@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4500-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 14, 2026                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gimp
Version        : 2.10.22-4+deb11u6
CVE ID         : CVE-2026-0797 CVE-2026-2044 CVE-2026-2045 CVE-2026-2048


Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XWD, ICNS, PGM
or ICO files are opened.


For Debian 11 bullseye, these problems have been fixed in version
2.10.22-4+deb11u6.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmm1rHhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdfHhAAhNwzmxz3UcDwJTbz0ViYpByr6ncI2l7Z7Ovfex0WEIxtpF0qeF98SUT+
/4Qr3L/xtgUND69GrJjTIJhY+f2Ye/oHO8DBsipDfMD2X6LGqWXBYlu4avYwysjC
QaMCkWvCEu/S+PlL0irSP/iQtuyCuVBU+vQdxfwPUXNcFS/DWJgfit4iBfQeDV0q
g6sgrGrjdhJVySlmT7E5pu5ltB7OvclG0+FFVAh0+0mt/xpzqbVUvIA26/EZHCX3
yCLmBHW+Tk8pf8w5pVjO2toft9GdbXa5ROmhT5S/GoMIKx/BRqVa/ufhQI7eYpCJ
RacIvlG1+M+viuHtRHuy3kBnHQhwQOLjlDncuT5UG2HiI/IVydh2+V04AJ+JfCru
ofHma4CTQhLHMRkv/nfrFD6BKU1ASCRcJPzsu+T82B9xFFS/L8hjPFbMdDFeIfD7
bwyUUYlIQX3PDwfRVw5A9rgOb8qLhsXKSiDKsyRG06HTgOXiKXzDA2qjCpbmrMUB
GcYB4s3BSMLMs2LcoqS/GofsSt8FTpZ16DRwDn1JkPQKzRyeh7j8D+qodnFEQpU8
1Kqhn7j7JPhB4/OZmfdLGrY29/V3De+QpXKkHn0uBEEwaqecFS1UiJAKucrBVYIh
T046ffQ4sYsoi0jLNoR4S9BNRLEFwLPIuvRJ94SNQQKJkPWsMvk=
=fsJm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4501-1] wireless-regdb new upstream version
Next by Date: [SECURITY] [DLA 4502-1] ansible security update
Previous by thread: [SECURITY] [DLA 4501-1] wireless-regdb new upstream version
Next by thread: [SECURITY] [DLA 4502-1] ansible security update
Index(es):
- Date
- Thread