-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Aug 2021 21:03:02 +0200 Source: gthumb Binary: gthumb gthumb-dbgsym gthumb-dev Architecture: amd64 Version: 3:3.6.2-4+deb10u1 Distribution: buster Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Thorsten Alteholz Description: gthumb - image viewer and browser gthumb-dev - image viewer and browser - development files Closes: 948197 Changes: gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 (Closes: #948197) A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height Checksums-Sha1: 4523a0d9710a10fe53056c265615cae5a88adb04 4572848 gthumb-dbgsym_3.6.2-4+deb10u1_amd64.deb e4877195bf3fbc4c28c331c93758b1ba7c2bc34a 613980 gthumb-dev_3.6.2-4+deb10u1_amd64.deb ce0f27b9a1137f80492f2b80870ec251c4aaa868 21367 gthumb_3.6.2-4+deb10u1_amd64-buildd.buildinfo 647611b0decc700186a8ee527a51707c43c9fd31 930196 gthumb_3.6.2-4+deb10u1_amd64.deb Checksums-Sha256: 94f0a815fdd8c780f35c14b532180179e344b8b420af81ca09ad31c857860f45 4572848 gthumb-dbgsym_3.6.2-4+deb10u1_amd64.deb 9129b63a420bf6010decc8d4b4bb83f66e25649662013a61e8f8e7a03247d428 613980 gthumb-dev_3.6.2-4+deb10u1_amd64.deb 11b0160f8a05452db4b0d2207eccdfc60750b2b70c87ac0334301760c5a03518 21367 gthumb_3.6.2-4+deb10u1_amd64-buildd.buildinfo 4e1b98b2780aff3062efbbe4abcbd3f21e0c316c27390bb9a2641f4a8b6d2b1e 930196 gthumb_3.6.2-4+deb10u1_amd64.deb Files: 44196ef18356092a5ed7ad8f6e868b14 4572848 debug optional gthumb-dbgsym_3.6.2-4+deb10u1_amd64.deb c6356454bbbfa90c22f6ec7649e149f8 613980 devel optional gthumb-dev_3.6.2-4+deb10u1_amd64.deb 4ce397336c89b6203f249dba3e017cf3 21367 gnome optional gthumb_3.6.2-4+deb10u1_amd64-buildd.buildinfo 15819515341ba5f83ac5742828478f4f 930196 gnome optional gthumb_3.6.2-4+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVvgiDm0iTi84B8TiOTy2rP5qAaMFAmFPkS8ACgkQOTy2rP5q AaNhcg//YIJ3gVHq7rRbokN0UWdnnQ8xQ33lVgmRslXviWf81PRgjG9RzBrMjw2J ZMXVz55mhbR5joE2cJUPnKorSsMDiX4XWVJu82pb7aDc2v4mAxwCGwhBmuKS4gsz vGt5DkvTVFLF9pyZ/z07VehMFgDU3iQQKTN2HZtUEmgzbgPi9/XUo0LJIlDGTeuR /jx/NkLcNdZH9JnFLmPvP6mTS8CIjE/Rg38CtBf5bRA7U6HFxhou+ZFWZ3uV7ZX5 GmhP29dIEKX4FCGP36Sinl0o4+YeX+E+keudmI1WAZeMGGPXwPTExlVeyks+WxMS sWlUL1ddtttLkq1tkPTlD5Zr9pe4UxqUdNwEuv6fzEzJsHerbDHw3GOHxIAygjUx SU7IBv7uRUru0JOVW8i+tixowRoYksMWCjchp0EKPcvfDEGum8+0XwrCg88dLLyq sS/xlNKNlnb124/wSJb3VfehyPuVudEivfpUvzWQm+74nhAegUh8yETG+GQcT2dw lwIo8lAASyMlfo2Ong/P+S14J6R4R3yqcbAnsQI32qJv+yL3hfYLnHhxQ55ImuV6 ar03ZMoOnqKe0GWWKyJKcNnKXd+ZN4F/2TBgKmtP8B66hnXGb+3/oYYfpyFdjSe3 FxuyUYd09QRLA2/myUZw11pHo2DvdE+Rs83PROcp14LcSA6ME78= =lh5Y -----END PGP SIGNATURE-----