-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Aug 2021 21:03:02 +0200 Source: gthumb Architecture: source Version: 3:3.6.2-4+deb10u1 Distribution: buster Urgency: medium Maintainer: Herbert Parentes Fortes Neto <hpfn@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Closes: 948197 Changes: gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 (Closes: #948197) A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height Checksums-Sha1: 0a464603145736b4376e170c3401fbd1b26fd130 2505 gthumb_3.6.2-4+deb10u1.dsc 02ea3f0401976c13d13ae0aba26cfee551db26f4 33568 gthumb_3.6.2-4+deb10u1.debian.tar.xz 7d757b21c0e0f4785988b6cd2b6e08564ebfa362 21090 gthumb_3.6.2-4+deb10u1_amd64.buildinfo Checksums-Sha256: 08f8fe97cc27a7fb75490923ba4d8f36ac9540d8d143d898a5c9fd5438ae21fb 2505 gthumb_3.6.2-4+deb10u1.dsc b85eb03fbf69dc9705f17558a6d815c7933d672ed77a31aeea7b558495f56398 33568 gthumb_3.6.2-4+deb10u1.debian.tar.xz 3393428009b79512dba75c2644804a542fc988a2f88d07a403d91b9ffe8100b0 21090 gthumb_3.6.2-4+deb10u1_amd64.buildinfo Files: 72c7632aad615ae243433f463896e7d1 2505 gnome optional gthumb_3.6.2-4+deb10u1.dsc 77d6224b73146378aeded5408e116339 33568 gnome optional gthumb_3.6.2-4+deb10u1.debian.tar.xz 968cc5db1fc6a159b4cf806e33d04cd6 21090 gnome optional gthumb_3.6.2-4+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmFHskhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR4gaD/9P7REV34teUqhEyMOOq+uWe0b4NpdB Duf2pty370opLGQsig3BUOPHhmJn9bjID8HPHNSseyKPhiEx1XcuxrFeze5gFn4t jcDQUyGzvBXTg9JaM4Bz4jLPu7z+ofD/ed33aoJcdGcpRTz3mehrFqk1Yls55f8/ r2bYb0talJsptcLPC4T0Vve8FKSnrNv5s2aIucigGfOJT3WjlaQHRiUlxjKFDmuB BlOiX9Knh1zd/oDHcOv/CGke3KYRWyYONny8+8/fbkhn1Ibr2QJe8p/kNbTuZq+2 DVZG0zesxawS2XCVIHAYpsKWydai//a8yV0izhNKPNWLuRCr0xTXOXguU9mJvxQU rWwH/oqVOAXWrIgLXlkN808VXYS+wguQjyZtb88Ixc7YB4aBeDz6iAURB1kAaTTd rD19ZKDNmtCRkYYufKGhMSPl+ZKmnuk+CGeUPtNyunBd9jA4qYeDNL24EDNQYA1/ Aa5Pzo5kf/6IKckF0Byu5FPNiY2DOR99vZKRCowwRUK2ETrAoDl0Mqs9eAObdc+1 Y8nwDIoEU0LTFxV2v6dJ9aLBtkmFZID7aLR1DuFln32gWuKpxNxBt0XEyDbmRBaO jgMYE1JFXrfUehI1uWIMU4TXJOewyeW38C6HZsHf59thY8i2HF/TD4OTPS2S//qS lTeaZKqYUCtGIg== =W0MM -----END PGP SIGNATURE-----