-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Aug 2021 21:03:02 +0200 Source: gthumb Binary: gthumb gthumb-data gthumb-dev Architecture: source all amd64 Version: 3:3.4.4.1-5+deb9u2 Distribution: stretch-security Urgency: medium Maintainer: Herbert Parentes Fortes Neto <hpfn@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: gthumb - image viewer and browser gthumb-data - image viewer and browser - arch-independent files gthumb-dev - image viewer and browser - development files Changes: gthumb (3:3.4.4.1-5+deb9u2) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height Checksums-Sha1: e4a7bf1e02ff31e8b39153d74205c91ce1558934 2824 gthumb_3.4.4.1-5+deb9u2.dsc add30eb9782a2476c5ec6357bc5d63dc34d5214c 3420356 gthumb_3.4.4.1.orig.tar.xz 98718ef721cc9d12384c73c88facdf8100d7b783 33360 gthumb_3.4.4.1-5+deb9u2.debian.tar.xz 8914161f9f0f8bafb15ed7278e7018c498be1400 1759656 gthumb-data_3.4.4.1-5+deb9u2_all.deb e7f2b4409ec3a234054e7435cb031864203eeb5a 4041108 gthumb-dbgsym_3.4.4.1-5+deb9u2_amd64.deb 70156e42c1857386acc9ca7febeb3bf1482532a5 608696 gthumb-dev_3.4.4.1-5+deb9u2_amd64.deb 44a52f4cd6abea4720cf19d51c5997b390e6c19d 21540 gthumb_3.4.4.1-5+deb9u2_amd64.buildinfo 475a0a0e3ff1b92acb64632d10cb832f5184b4b5 886802 gthumb_3.4.4.1-5+deb9u2_amd64.deb Checksums-Sha256: 1fe15a59f2a79082d35874f67e0507c880ffee16946cc844bfd11820e23ca0ec 2824 gthumb_3.4.4.1-5+deb9u2.dsc 4dc63bb1cc1f139259bba7f9fd1735182f16ba37254119a9f9c3e13a898a9533 3420356 gthumb_3.4.4.1.orig.tar.xz 60ec1d79ce28aa67f05102085534c4fb2c5553768b7ab9e51bff357c2fa4d25d 33360 gthumb_3.4.4.1-5+deb9u2.debian.tar.xz b90573d4c54dcdf27f50c930ff5f266d1647e5b96ba6a4f3d1bb4f4693cf288d 1759656 gthumb-data_3.4.4.1-5+deb9u2_all.deb 79181ba20bf0544d6208271b0603c7226e7e35115108f21d92f3b5bf8c0369d2 4041108 gthumb-dbgsym_3.4.4.1-5+deb9u2_amd64.deb 0f5e1c8c0a8844d568370bd6af127aa85e7f72ce3d9629697522449421de3dc5 608696 gthumb-dev_3.4.4.1-5+deb9u2_amd64.deb 4b2be98d26261373d812d2693b12a8006d74a3a56d00e7d35cb764dd6ae9f7b1 21540 gthumb_3.4.4.1-5+deb9u2_amd64.buildinfo f2edb180404880a97cbc4f544312f4191602f3a67a1d8da3db3dfe718f308f3c 886802 gthumb_3.4.4.1-5+deb9u2_amd64.deb Files: 6d91e1c90534835ed088a3df664a6fa3 2824 gnome optional gthumb_3.4.4.1-5+deb9u2.dsc 1745a756007f2a905c341131ae7d89f9 3420356 gnome optional gthumb_3.4.4.1.orig.tar.xz 2ab809786a8a3da9b1e6041b68b4d4cd 33360 gnome optional gthumb_3.4.4.1-5+deb9u2.debian.tar.xz 60985b09d7b43fc4aa067f471d49f466 1759656 gnome optional gthumb-data_3.4.4.1-5+deb9u2_all.deb a6aa7806f1981b9745dbb5bf564ee8ac 4041108 debug extra gthumb-dbgsym_3.4.4.1-5+deb9u2_amd64.deb 54a2d37abf7952d9012f83cb2decbf91 608696 devel optional gthumb-dev_3.4.4.1-5+deb9u2_amd64.deb 3e6d7d97bde55b206cad6b5ceff41539 21540 gnome optional gthumb_3.4.4.1-5+deb9u2_amd64.buildinfo b5e9fadd5d3b0c133074279e0065a6b6 886802 gnome optional gthumb_3.4.4.1-5+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEqvJxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR5QnD/9Je2Qb9a374+fzkNIMMUeinJ2IbPzs WbjpbuulbPBToH9/Kbh0+w6TpfGt/vETCI4i2MXg0kzH/PLbNzN2EqVHoqh9mUXz Z9hWTTZmZ2Uc2pI6toJpm+rstHfkj1Pu9y7sRZpV22WNb6i4/nTwouZT0RdZO20p P5ZUOqIec/ztvPF+1o6fvKlkrI9kYx1UJuz5yviae13gGIkmhIOw9c088De+RMeZ 3cBQi0OXl9QE7NXWYA6FAbv5bZxOcw44mInNxDZhVksQufEH4bzto7UhP4czymD3 xkLqwCEuXq/TsledufqkJkYBSKMh5tVebPiZO6Rs7FTk4SL5jsqxNin5TMG6mecS /kV02++3eRiUIMqYcatzlhqDu3SNOhlf/XxP0cLnK5cxD3c3JQh1nM/qS2xMenZN WR0XR3CaYomG29VyG+14t/dC93Mm3Xxnzyqi6mP+uZYDXfmzZfcBWz6r2oz+yoaw /1fzSDCuVaWh9HK3VRFGcclCQOWs/l8CbpdEOkM+GgCsTCJTDMc94RqTZL+cjoCu /5fAjqOUog/+v1m+h64D3mIcazeU3b5N/0pt5dUpa54P2GKfdfkvnoRg+ddf9tzC c07l0KRBC+wfO9rD+FN0U+95jscuUFlmesNiHd3XlWaaY02xrI+f1EGo/RtWPIfJ U7StP8YFsvZG3A== =j7X+ -----END PGP SIGNATURE-----