[Git][security-tracker-team/security-tracker][master] Reserve DSA number for gimp update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 18 10:59:54 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f590c37 by Salvatore Bonaccorso at 2026-02-18T11:58:25+01:00
Reserve DSA number for gimp update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3412,8 +3412,6 @@ CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient input
NOT-FOR-US: Axis Communication
CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
- gimp 3.2.0~RC2-3.2 (bug #1127838)
- [trixie] - gimp <no-dsa> (Minor issue)
- [bookworm] - gimp <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa (master)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae (gimp-3-0 branch)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[18 Feb 2026] DSA-6139-1 gimp - security update
+ {CVE-2026-2239 CVE-2026-2271 CVE-2026-2272}
+ [bookworm] - gimp 2.10.34-1+deb12u8
+ [trixie] - gimp 3.0.4-3+deb13u6
[17 Feb 2026] DSA-6138-1 libpng1.6 - security update
{CVE-2026-25646}
[bookworm] - libpng1.6 1.6.39-2+deb12u3
=====================================
data/dsa-needed.txt
=====================================
@@ -32,8 +32,6 @@ gnutls28 (carnil)
gh/oldstable
Santiago Vila might work on preparing an update
--
-gimp (carnil)
---
git-lfs
--
inetutils
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f590c370ce8d2458c9f55dc82badb676621ede6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f590c370ce8d2458c9f55dc82badb676621ede6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/85dab20a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list