Debian alert DLA-4547-1 (gimp)

From:
             
 
Thorsten Alteholz <debian@alteholz.de>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4547-1] gimp security updat
Date:
             
 
Thu, 23 Apr 2026 10:31:33 +0000
Message-ID:
             
 
<6e6d7d93-4d7a-15f5-649c-2692ad45fc2c@alteholz.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4547-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 23, 2026                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gimp
Version        : 2.10.22-4+deb11u8
CVE ID         : CVE-2026-4150 CVE-2026-4152 CVE-2026-4153


Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed PSP, JPEG 
2000 or PSD files are opened.

For Debian 11 bullseye, these problems have been fixed in version
2.10.22-4+deb11u8.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmnp9QVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeU7w/+LMdn10kjdVPXGjw7IN3tqH7Sk70zxUBEbYceVRKp6Vor4fJJsohNu3g/
S97lWooIrgs1RL6FhDrAQn2WdHB7nvFopIctQJuYasuB0pnYukCDb++vbxSIQxW+
UWUFK64mCRJMLaobnCb0P6WNn2DzNKShMVu8ZylHbkhfWpSMttKiOGsNtb3flsGN
BMUQZZIyJQoluAzv0efg7M8gIKQOiHA1jnARK3qI1upGySM1uGU5ej/fdMjtEJv4
IHl26tevzH8dEOJxGMoLT5Hjlv3JVSntm4XJYYttNMyM2OVVbMuhsg6WZBiFxdn3
In4dAHsrBX2U4Gj1QgIroYkZjjBndAOfPTEjS26ve6/Zh3R7PRwmAaLWZA5DA3BP
TQw1WWyDb8vLqeBjCkLGQDFxXnDjj1mE3FYN5phbN9DW0VdEhV5C415OzTba39Ug
YVHC2Q6vLAztg84LMlem0n9eKvhe+bEQkF7eHkPeo77EQkcGZUwZYOyO6Tx6zkhO
6np4IW5vVcxVISKlcEeMmtXZvx9aedJZNvmdkl0urZSemHCtsIsXN15y23y11aif
y4NTIspy4oj7hwtxPuefu8UlFf06FctcXy1vwXixjRqFvGWgbdn+8/dqcjv3tmpS
uMwrHe8k3F35/uzv5H2WAbgHf0b5LeiYq+HO7/h/2Dd/yZTKRv4=
=Gt5a
-----END PGP SIGNATURE-----