Format: 1.8
Date: Sat, 03 Nov 2018 09:30:04 +0000
Source: gthumb
Binary: gthumb gthumb-dbg gthumb-data gthumb-dev
Architecture: source amd64 all
Version: 3:3.3.1-2.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Jackson Doak <noskcaj@ubuntu.com>
Changed-By: Herbert Parentes Fortes Neto <hpfn@debian.org>
Description:
 gthumb - image viewer and browser
 gthumb-data - image viewer and browser - arch-independent files
 gthumb-dbg - image viewer and browser - debugging symbols
 gthumb-dev - image viewer and browser - development files
Closes: 912290
Changes:
 gthumb (3:3.3.1-2.1+deb8u1) jessie-security; urgency=high
 .
   * I am the current maintainer
   * debian/patches/
     - cve-2018-18718.patch file (Closes: #912290)
       CVE-2018-18718 - CWE-415: Double Free
       The product calls free() twice on the same memory address,
       potentially leading to modification of unexpected memory locations.
 .
       There is a suspected double-free bug with
       static void add_themes_from_dir() dlg-contact-sheet.c.
       This method involves two successive calls of g_free(buffer)
       (line 354 and 373), and is likely to cause double-free of the buffer.
       One possible fix could be directly assigning the buffer to NULL
       after the first call of g_free(buffer).
       Thanks Tianjun Wu
       https://gitlab.gnome.org/GNOME/gthumb/issues/18
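
The double-free pattern and the NULL-after-free fix that the changelog describes, as an added example that is not gthumb's code or the Debian patch. `checked_dup`, `checked_free`, `scan_themes`, the `[Theme]` marker and the sample entries are constructed for illustration, and the control flow is an assumed shape, since the changelog gives only the two line numbers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the allocator: the real free() is deferred so a
 * repeated release can be counted without corrupting the heap. */
static char *live;                  /* block handed out for the current entry */
static int released, double_frees;  /* released: live was already "freed" */

static char *checked_dup(const char *s)
{
    free(live);                     /* reclaim the previous entry's block */
    live = malloc(strlen(s) + 1);
    if (live != NULL) strcpy(live, s);
    released = 0;
    return live;
}

static void checked_free(void *p)
{
    if (p == NULL) return;          /* like g_free(), NULL is a no-op */
    if (released) double_frees++;   /* same address released a second time */
    released = 1;
}

/* Assumed shape of the bug: a release on the rejection path, followed by an
 * unconditional release. Returns the number of double frees observed. */
static int scan_themes(const char *const *entries, size_t n, int null_after_free)
{
    double_frees = 0;
    for (size_t i = 0; i < n; i++) {
        char *buffer = checked_dup(entries[i]);
        if (buffer != NULL && strncmp(buffer, "[Theme]", 7) != 0) {
            checked_free(buffer);                   /* first release */
            if (null_after_free) buffer = NULL;     /* fix from the changelog */
        }
        checked_free(buffer);                       /* second release */
    }
    free(live);
    live = NULL;
    return double_frees;
}

/* Constructed sample input: two accepted entries and two rejected ones. */
static const char *const SAMPLE[] = { "[Theme]\nName=a", "junk", "[Theme]\nName=b", "" };

int main(void)
{
    printf("without fix: %d, with fix: %d\n", scan_themes(SAMPLE, 4, 0), scan_themes(SAMPLE, 4, 1));
    return 0;
}
```

Only the rejected entries reach both release calls, so the defect is input-dependent; building the real code with AddressSanitizer reports the same condition at the second `g_free()`.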