[Git][security-tracker-team/security-tracker][master] gimp DSA

Tue, 03 Mar 2026 13:59:47 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8757584 by Moritz Mühlenhoff at 2026-03-03T22:59:05+01:00
gimp DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3452,6 +3452,7 @@ CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write 
Remote Code Execution V
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117
 (GIMP_3_0_8)
 CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code 
Executio ...)
        - gimp 3.2.0~RC3-1 (bug #1128605)
+       [trixie] - gimp 3.0.4-3+deb13u7
        [bookworm] - gimp <not-affected> (Vulnerable code not present)
        [bullseye] - gimp <not-affected> (Vulnerable code not present)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-120/


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[03 Mar 2026] DSA-6156-1 gimp - security update
+       {CVE-2026-0797 CVE-2026-2044 CVE-2026-2045 CVE-2026-2048}
+       [bookworm] - gimp 2.10.34-1+deb12u9
+       [trixie] - gimp 3.0.4-3+deb13u7
 [03 Mar 2026] DSA-6155-1 spip - security update
        {CVE-2026-22205 CVE-2026-22206 CVE-2026-26223 CVE-2026-26345 
CVE-2026-27472 CVE-2026-27473 CVE-2026-27474 CVE-2026-27475}
        [trixie] - spip 4.4.11+dfsg-0+deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -26,8 +26,6 @@ frr
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-gimp (jmm)
---
 git-lfs
 --
 imagemagick



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8757584e88d9e1ffb7ce723df8a4c6d39caf310

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8757584e88d9e1ffb7ce723df8a4c6d39caf310
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to