Debian has issued an advisory on February 19: https://lists.debian.org/debian-security-announce/2026/msg00051.html
Status comment: (none) => Patch available from upstream and DebianWhiteboard: (none) => MGA9TOOFlags: (none) => affects_mga9+Source RPM: (none) => gegl-0.4.42-1.mga9.src.rpm, gegl-0.4.66-4.mga10.src.rpmCVE: (none) => CVE-2026-2049, CVE-2026-2050
For Cauldron, gegl-0.4.66-5.mga10 solves the issues. Suggested advisory: ======================== The updated packages fix security vulnerabilities: ZDI-CAN-28618: New Vulnerability Report at rgbe.c. (CVE-2026-2049) ZDI-CAN-28266: New Vulnerability Report at rgbe.c. (CVE-2026-2050) References: https://lists.debian.org/debian-security-announce/2026/msg00051.html ======================== Updated packages in core/updates_testing: ======================== gegl-0.4.42-1.1.mga9 lib(64)gegl-devel-0.4.42-1.1.mga9 lib(64)gegl-gir0.4-0.4.42-1.1.mga9 lib(64)gegl-npd0.4_0-0.4.42-1.1.mga9 lib(64)gegl-sc0.4_0-0.4.42-1.1.mga9 lib(64)gegl0.4-plugins-0.4.42-1.1.mga9 lib(64)gegl0.4_0-0.4.42-1.1.mga9 from SRPM: gegl-0.4.42-1.1.mga9.src.rpm
Flags: affects_mga9+ => (none)Status: NEW => ASSIGNEDSource RPM: gegl-0.4.42-1.mga9.src.rpm, gegl-0.4.66-4.mga10.src.rpm => gegl-0.4.42-1.mga9.src.rpmVersion: Cauldron => 9Status comment: Patch available from upstream and Debian => (none)Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs
MGA9-64 server Plasma Wayland on Compaq H000SB No installation issues. $ gegl quicklinks.jpg -o testgegl.png Generated file shows OK in gwenview. OK to go.
Flags: (none) => test_passed_mga9_64+CC: (none) => herman.viaeneWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0047.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED