[SECURITY] [DSA 6215-1] gimp security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6215-1] gimp security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 17 Apr 2026 21:18:14 +0000
Message-id: <[🔎] aeKjlqllGXHdy9u_@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6215-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 17, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gimp
CVE ID         : CVE-2026-4150 CVE-2026-4151 CVE-2026-4152 CVE-2026-4153

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed PSP, JPEG 2000,
PSD or ANI files are opened.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.10.34-1+deb12u10.

For the stable distribution (trixie), these problems have been fixed in
version 3.0.4-3+deb13u8.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmniolgACgkQEMKTtsN8
TjaFZBAAnWF8q3PvwSYqP6Wt2SEJolBS5/BCJq4hmFZE/NOsHLXJnFJ44zueVxu9
R4JTCOxSe31x42RyEWQk1OsXnbj4UX7/KOJw4AV9ZI1BNNnrX+uSjmPJfYbQmALL
+5wp1Qud1cPLivcksWOk9h1yfVekpLRJsDlDimkYbVBE55R9w7+biirBt4KshLl/
o5vZ9LSXYRlWAsAgLiitd2vTZpLjavHIt0SP3jsv+VaxWFu1ZAkNIZ6XdoN5dS4C
JGrQX70uVEF7iZ/yFMlAD8t3r8hQ8sYaub63aumOkdSr1UcARi34Leg+EY7+yUAW
Aehpb0WiNoU37ZksqlcPDgHOVFVumV1UiQgbMnLTpqC5H1gNvy0DpEQ3SkkxJdqs
LR3QmyIqpNa/v/ihJSEUCAMU0erGfagFufWaQk4EUJoiIQ8/vFF1D97jDjSImRTv
Z+CeqtlxOiUCgVNXhLvsHFfMkn6TbGfEdlToceyr8bbenpWaVj9slibTozFMr9Ij
IzcLxDM4V5XZmwcRJVeuqkrthDFCls6iTCJNqjIkPMj7siT8pmHUxMNSUfUNyzPO
8nk1Ecz+7NwacVjzz/G8gqVyr9XR5k2Mc2luBvk3Ys1RFGxm6uC0wpi+f0Hh1xpf
PabEIJjvRKQLIMgetKcJenlepm5YIRZ5GniPIRplGcFhUsWAfr4=
=oEN1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6214-1] chromium security update
Next by Date: [SECURITY] [DSA 6216-1] opam security update
Previous by thread: [SECURITY] [DSA 6214-1] chromium security update
Next by thread: [SECURITY] [DSA 6216-1] opam security update
Index(es):
- Date
- Thread