-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Aug 2021 21:03:02 +0200 Source: gthumb Binary: gthumb-data Architecture: all Version: 3:3.6.2-4+deb10u1 Distribution: buster Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Thorsten Alteholz Description: gthumb-data - image viewer and browser - arch-independent files Closes: 948197 Changes: gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 (Closes: #948197) A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height Checksums-Sha1: 27083f7254293ecaa0687def4523b7bff59a8c0f 1730120 gthumb-data_3.6.2-4+deb10u1_all.deb 69040d1bc33eb5420c91e6aba7ad5063b44d7b2c 20817 gthumb_3.6.2-4+deb10u1_all-buildd.buildinfo Checksums-Sha256: 1e453f4346bf16a90ff45d1a412037e4c4ed92280e4879c6ba1b4856f9f84786 1730120 gthumb-data_3.6.2-4+deb10u1_all.deb 5eff17a1c656eaf8e9a0cff8b21aa3b1fe53679e7042f8cebd577d6d5a4e9969 20817 gthumb_3.6.2-4+deb10u1_all-buildd.buildinfo Files: b82a086beff5cd3a13a63ba192b813ac 1730120 gnome optional gthumb-data_3.6.2-4+deb10u1_all.deb aa3cd0dcb35aa3d8b928ee508a47058e 20817 gnome optional gthumb_3.6.2-4+deb10u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEeNXCsz+mBQUIYcOwyd+jzxgwoBwFAmFPiTwACgkQyd+jzxgw oBxSWxAAj/kOTb3zfm+dKMvCDWmKRljGBpNBxHjsLrNbXvj1zX3zY3Mks76jYAfx j7qHXBTC6HtTmWG2mLsf3hTnk8ha5/s4CdcCtpguyNw4ouPANeR+p/CxvGJMAVV9 kWnZBBW6I3QeyMLFCZA8jn9DO9+fgNtCNFRYCFnv3E04euVpkgkB+CglPyCsA0mc pBPbjQ+4iDpgR82xl+uCA7d90xpy7NLM41JnMAXLkDY0Mc17Y00X/w+LSOsbfEpZ ZVdXjessjePZiEddf68lM8VUerE6snwnp0nTP4KH+IBCY3oAA30nwgemvV3A4PAE KjV6IeAx0qHt5SMS6ojjNxSzPVSeo70RKcO1jtnTFW1V+FZ/eKXwmZV5FrH++jSk 0ZvCfCJ9rOG8Qjg/J3tf9Fbn6wJpoGf6cCNeufvxMoTxAwva0fhDaMiIXndbRpGd MQllZOm3g6jS5cz0YjYcXPW6/D7jCysjqRI5SlQRN0ygqJutvaXt7LWgJQQ74rsp Yk3/lDocIlJ0LD+/h5lxrDRKS1A3TZ024TgzLZBWzazDKSyfGDH0qVLoF45vaQ0r F1N+bZt8adkbXPTP9KZmTJIfg3eQ70gU2xg4unxTo1eq/IcIb0zrycvxbftM7/ie 9rbeuROlp63jO0Q/bo66nEMF0Xzf7svcoANLXHB9cnGax3HZ/lQ= =pkYG -----END PGP SIGNATURE-----