Backport upstream fix for CVE-2026-2050 (ZDI-CAN-28266) to
gegl 0.2.0. The new patch (gegl-0.2.0-CVE-2026-2050.patch)
adds a buffer overflow guard in rgbe_read_new_rle() in
libs/rgbe/rgbe.c to ensure the run length does not exceed
remaining buffer capacity before writing.
CVE: CVE-2026-2050
Upstream patches:
- d32f1badb4.patch
Resolves: RHEL-188260
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir