-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 10 Aug 2024 03:12:43 -0600 Source: golang-golang-x-image Architecture: source Version: 0.18.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Closes: 1074426 Changes: golang-golang-x-image (0.18.0-1) unstable; urgency=medium . * New upstream version 0.18.0 + CVE-2024-24792: x/image/tiff: corrupt or malicious paletted images parse successfully and later panic in (*Palleted).At (Closes: #1074426) * Bump dependency golang-golang-x-text-dev (>= 0.16.0) as per go.mod Checksums-Sha1: 5ca8e04913fa6a43670ed16bc8b2fbb36c46a7f1 2276 golang-golang-x-image_0.18.0-1.dsc 347505e508448965aa6a200cfca9db5c9608d412 5103909 golang-golang-x-image_0.18.0.orig.tar.gz 164a57da1d1f52e131944102bdebcd02fcd7f976 6204 golang-golang-x-image_0.18.0-1.debian.tar.xz 8447b744c325c4bacf6697a689a01a89a5181bcf 6212 golang-golang-x-image_0.18.0-1_amd64.buildinfo Checksums-Sha256: efca54b34adf8cb56717e4f3ab15e0787d0c83091cabdc8bcc494a2e38503458 2276 golang-golang-x-image_0.18.0-1.dsc dd23e3256a92667d201fd031a44294e4d54812e0f6fc69365da3bb4fcf3c730d 5103909 golang-golang-x-image_0.18.0.orig.tar.gz 7c3b67423b2c9410f4c6441674dd64d799506a2398cc01863da1fe9fd8ebd809 6204 golang-golang-x-image_0.18.0-1.debian.tar.xz 8342a9d77de605a42eddd5f5b11697dd71e22243a477f4026b7424f2ee2586be 6212 golang-golang-x-image_0.18.0-1_amd64.buildinfo Files: e6380cd5b6285f257ee9165353e071e7 2276 golang optional golang-golang-x-image_0.18.0-1.dsc 995a762ab4d70e4e28534aa40d9f62b8 5103909 golang optional golang-golang-x-image_0.18.0.orig.tar.gz 6e181546de54124a3a282afc2f7ff9ce 6204 golang optional golang-golang-x-image_0.18.0-1.debian.tar.xz 879fe42f79cb608c723a962043545165 6212 golang optional golang-golang-x-image_0.18.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAma3MAIQHGZva2FAZGVi aWFuLm9yZwAKCRDqJQC0EsWaz66NEACf+3MCX/XFhv7w/0138/urXFkWmGMoqM++ Hms2usObY+YbX0IO5NMds0bfbMyumo3ce6LmILxcF1Se9FE8X/UyJAha2NJKBh8P US2YW6GTm0Vfkp5l7TdmGm7QeCdwCxxKVRzqvkoQz21wtRLhjufmyX97vXa6MmcY ZKaG1eNNDfBalxG2xrumHmfI9/A26dxhbJXhoB97fZ+ND+yZ8XfoJBZ6SaXrszKj 8hiMj8/O+IHtyDHrEdMXjRr9qALfTbapv924cYARNtZ/bEswZu76etPquCeGfrQC HRYwvZ2nBxsJ0SwnW+xX6jL3S9eyag2vHAum9JrQAg50d2FLTOlO9BEJ5NZ8DaiU e7HQgW2OfGH/4Hf+OS6zlUYfn25+7VL1OlVtyDJYzkx79+9aYWJ4foRhrxNoiQrw qsTxkiZRKGNL3C1mjsH+xPzYCnow28m/+N5nDu4nO6ejjq8IunAvKKFX76IFi6kp iHJjqSoayVYO1BLzqMVziowhSFBHfVYgfOS2xf8tuOay1MHC/0JeTLlhFwUE2uuR Wx/phyFyPp8DzF/FK575Cq7bN2+iMNDQREpSb10fgSJ+LO9byzhiN1ZRiMQpinN7 /9lHWav43DtT3jd0hxmZP/NQnF/subF1JlhgcWaSmTRJUaHpJD4Wp9k2qrGAIU4d JaVAVExnGw== =yzVF -----END PGP SIGNATURE-----
