-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Dec 2019 17:03:02 +0100 Source: gdk-pixbuf Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-0-dbg libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb gir1.2-gdkpixbuf-2.0 Architecture: source all amd64 Version: 2.31.1-2+deb8u8 Distribution: jessie-security Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection libgdk-pixbuf2.0-0 - GDK Pixbuf library libgdk-pixbuf2.0-0-dbg - GDK Pixbuf library - debug symbols libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb) libgdk-pixbuf2.0-common - GDK Pixbuf library - data files libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files) libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation) Changes: gdk-pixbuf (2.31.1-2+deb8u8) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2016-6352 fix for denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file * CVE-2017-2870 Fix for an exploitable integer overflow vulnerability in the tiff_image_parse functionality. When software is compiled with clang, A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. Debian package is compiled with gcc and is not affected, but probably some downstream is. * CVE-2017-6312 Fix for an integer overflow in io-ico.c that allows attackers to cause a denial of service (segmentation fault and application crash) via a crafted image * CVE-2017-6313 Fix for an integer underflow in the load_resources function in io-icns.c that allows attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file * CVE-2017-6314 Fix for an infinite loop in the make_available_at_least function in io-tiff.c that allows attackers to cause a denial of service via a large TIFF file. Checksums-Sha1: 73056f540f4e80c57ceb6725cf8128c19dd77d05 3032 gdk-pixbuf_2.31.1-2+deb8u8.dsc c715e21cacb939d2015c26124640b0aad6ad1986 1340056 gdk-pixbuf_2.31.1.orig.tar.xz 8e922d47c9b29f17097b451bab14c40db1c8a1c0 22728 gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz 49155a38c422d23e8707ac05e6736dbae0297703 294954 libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb 0df7ccd8f99a3bf8dbec82f8f7274dd51f88455e 177576 libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb 5446ce6a852522240ce1a858ff6f7e202307ce13 167918 libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb 9910ce45ea9f64872de8192ee40e73826e10eb93 433238 libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb 4814a5fa8a3f567d5446322ff291d6a960dec8ad 53238 libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb f35e9e11d12179f0c1a66ebc61008bb299834728 374046 libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb 1b4b07262331fd9f75bcc2772c8f95ba548e0beb 17412 gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb Checksums-Sha256: 709dc9094f08078b3e2cd42de527488b47f239ff09d8b3fc813d63711c7ab1b7 3032 gdk-pixbuf_2.31.1-2+deb8u8.dsc 25a75e3c61dac11e6ff6416ad846951ccafac6486b1c6a1bfb0b213b99db52cd 1340056 gdk-pixbuf_2.31.1.orig.tar.xz 0da93a92aa21490144e6dc87398e8f4a1c453db72c25ece7389a67f7f742c74e 22728 gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz c7e1aa5f9ce835d75fb4a9ff1ab1006884689175644aa428d11f5d8403dd7bc5 294954 libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb 5ed0bd1166c4fafaa69247f8b03296b55b65414cf7ad7d6028bab8fe34a4eee9 177576 libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb 6d722dd16df10cf4313f94b59629ec68eee6b571ad2ac3b2ef4302cbac78d303 167918 libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb af102a44e732c46e988335ec395000709cfdac2f9c452def31af9146dcb371b3 433238 libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb afd82536b7bbfd487617ac90b5a4385a86ccd52f6c10ef48d3910e07d47b69d0 53238 libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb afc73332681e1a950967bbf10078ba6b3a4fbbdf21004563912e51aa67ac1f3b 374046 libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb 5a6a809caa6a3e9fccb928c106efd0b11c5d748fb740f0dabc0ceed0ae69257c 17412 gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb Files: b4cd5ff04b5968ffb7cd34ad183db357 3032 libs optional gdk-pixbuf_2.31.1-2+deb8u8.dsc 74cde211f5b7ac1015d1a7c9feee037c 1340056 libs optional gdk-pixbuf_2.31.1.orig.tar.xz ae063d044a99e8a7e9a6ca3c886ca370 22728 libs optional gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz 57416934636717e5151333d8cc7536bf 294954 libs optional libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb 09156cea316a5cbeff8d6a0978702002 177576 doc optional libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb 2b589f8a7f78fbaa5e90884533422d1d 167918 libs optional libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb 3dc57d38a830a9cfe1953e3739ec5a49 433238 debug extra libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb 76c16dce520c9e366e7fcf7a5725d306 53238 libdevel optional libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb 13b7a97f10ee69f7529b1844d41795c4 374046 debian-installer extra libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb 8455559e222197e600aba9266299f502 17412 introspection optional gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl37nAdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR9XUD/48xJNIDP0jrA7O+W3MgkQ5VJ6SUGB7 gzRZGOeGUDh+yCu17hOiHX5mz5c6g+rYiXinFa89+TwB4SxLmFfvv0T1m1UILl/S /sSWkb9qKpRbvMDeq/O+ac1oJOZIkQw9+ND9qBb3BGXs2tGkr1Nhfef0/C9prh9O wphhljkr544hTBXc4j6bgqrRFJyEt8Eoesrssnxm62ufzUjSNZ1UQp6N1rsG/Buh C7ARuVIcCKwyP6u0wY+y2aapa8UrGDjYLMUXlECRD150RCTIUpxWJYbVTpjGWQdV bM2X1SHHrwADA/ATurvZ2nR5Lg0h/QsK42wVtUF46uwpHypmfemfkEb67zOZG/y5 qyKD9QxPgyc2KALvZg/o2cT5lQ1YQobY3DIU262CheJoV8GooGX/TgeTqua0GDGJ 7SJWYlTJ3z5nf6svY7Lp9NCPI6FzNlXgKLmcZAmK+sKtrQ1IZdO6i+S/cQRBRH4s EwyPSHhvSS4K/udCfAcZ937skq2K2ykCsbexa6rHhmSKeKMiVVGiJ8QwwFB+NASj afP68jLR3cNXGr9Y/1mgSB0bhPAZ9dZctCTBtBJDNoxYceSC1Wg+11oRx0Yczd0c 0IGSsHzrEZUtvmJlIWhiGbywp+0kEsH6FDHiVd/hGPvqMaANCTGBk6H9J2+aubak LCn4qBwSsqExRA== =OVmC -----END PGP SIGNATURE-----
