A security update has been released for the SPIP website engine, which fixes several vulnerabilities that could allow attackers to access protected information and execute arbitrary code. The issues have been fixed in version 4.4.11+dfsg-0+deb13u1 for the stable Debian distribution (trixie). Additionally, a security update has been released for the GIMP image manipulation program, which fixes several vulnerabilities that could allow attackers to execute arbitrary code or cause denial of service by opening malformed files. The issues have been fixed in version 2.10.34-1+deb12u9 for the oldstable Debian distribution (bookworm) and version 3.0.4-3+deb13u7 for the stable distribution (trixie).

[SECURITY] [DSA 6155-1] spip security update
[SECURITY] [DSA 6156-1] gimp security update

[SECURITY] [DSA 6155-1] spip security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6155-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 03, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2026-22205 CVE-2026-22206 CVE-2026-26223 CVE-2026-26345
CVE-2026-27472 CVE-2026-27473 CVE-2026-27474 CVE-2026-27475

It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to access protected information, and perform
various SQL injection, Cross-Side Scripting (XSS), and Server-Side
Request Forgery (SSRF) attacks. In some cases this could result in
arbitrary code execution.

For the stable distribution (trixie), these problems have been fixed
in version 4.4.11+dfsg-0+deb13u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6156-1] gimp security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6156-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 03, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gimp
CVE ID : CVE-2026-0797 CVE-2026-2044 CVE-2026-2045 CVE-2026-2048
CVE-2026-2047

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed XWD, ICNS, PGM
or ICO files are opened.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.10.34-1+deb12u9.

For the stable distribution (trixie), these problems have been fixed in
version 3.0.4-3+deb13u7.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/