Format: 1.8
Date: Tue, 09 Feb 2021 23:17:14 +0100
Source: xcftools
Binary: xcftools
Architecture: source amd64
Version: 1.0.7-6+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Jan Hauke Rahm <jhr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 xcftools - command-line tools for extracting data for XCF files
Changes:
 xcftools (1.0.7-6+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5086 and CVE-2019-5087:
     An exploitable integer overflow vulnerability exists in the
     flattenIncrementally function in the xcf2png and xcf2pnm binaries of
     xcftools. An integer overflow can occur while walking through tiles that
     could be exploited to corrupt memory and execute arbitrary code. In order
     to trigger this vulnerability, a victim would need to open a specially
     crafted XCF file.