-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 23:04:36 +0200 Source: gdk-pixbuf Architecture: source Version: 2.42.10+dfsg-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1071265 Changes: gdk-pixbuf (2.42.10+dfsg-1+deb12u1) bookworm; urgency=medium . * ANI: Reject files with multiple anih chunks (CVE-2022-48622) (Closes: #1071265) * ANI: Reject files with multiple INAM or IART chunks * ANI: Validate anih chunk size Checksums-Sha1: 7f4431270e9826b5750b6a46933b22fb128ce976 3328 gdk-pixbuf_2.42.10+dfsg-1+deb12u1.dsc 51a597a12c66c5677f032e491042b465bc792de1 22156 gdk-pixbuf_2.42.10+dfsg-1+deb12u1.debian.tar.xz ad7a1963c42ec4d8c0ad1dc077e811a98f545d5a 7233 gdk-pixbuf_2.42.10+dfsg-1+deb12u1_source.buildinfo Checksums-Sha256: 61d9a589c47389c3668d0e0e00b578b4bd362e820ccf0753c44912940a466f2b 3328 gdk-pixbuf_2.42.10+dfsg-1+deb12u1.dsc 91b7d1795ffedc62c832c4a7cd4d425c39117372bf4bd69720b5c7d8dd93605e 22156 gdk-pixbuf_2.42.10+dfsg-1+deb12u1.debian.tar.xz 1ab391bedf15643656fb26af026c447943f68db120837738aedb3fc31df229bb 7233 gdk-pixbuf_2.42.10+dfsg-1+deb12u1_source.buildinfo Files: f24a0e5068051d09aeacc97589a8a89a 3328 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u1.dsc 21ef15fa34c4c6c97c957c499d652501 22156 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u1.debian.tar.xz b98af29cabe438c24573f9d5113c839c 7233 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZrx9RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENi0P/jYTMdULHzaBIMP2azoKR+IPg217faOB A1joR7olHCPiocfl/2UjwBxMHoAbIH2gJ/fcUnL+d+lw/8ImnD3PP8nxpV0LKX0a dGG+xVFcocKEvMXpGjbriH1EgQKDasa+A/BoOe+315hAfNzPpe75EU1uOIp4daFI zOHfBQIKlR6x9FPcTArIzeCWQ3nFhopC+skRf+xW/OvnZIbac6N2d8Qgofrzotwi 8PZxSphLnvqwRfLumhXpCnGweeFyTl6w7SBtmmmorZyQfBozxtnN+p45v48bNJtc KNUCJatkeG8UUqUdaNs1CH2Eb+UfulvvIyfxp5lDCDqB4TJUWY5zBUnBBJvlRskv CLqPamhQAjyKcdBRfJYLPUFzadSpDoviKFqdUddR7LEUbBZhIEO0zi+fBNsaiWGS EOXbJXMZnZpEAd7N185k0rubpyRGfkDMk1nKnDGfDgL4MRGfckE7+sDLy4LKlDvd SrqhzunABLT9MoYYI2yhb5PVimJkseE1Dz0osBD8+sRY/dOnf0WsQOA2rztUYD1l abe4MqWHCd8HmGgkvvNeto5BfEG8kxjbUhh8Fik+j0baiJPm9sGqo2kwpKF8Y/ss lWGY8+wn8Nys4Dam31pLLKyv1HphiQ6YeoUbol+JI36Zzdglg9lweGYVq4tEkOWB Nq3s+nXeSidW =pipz -----END PGP SIGNATURE-----