-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 20 Jun 2025 09:52:41 +0100 Source: gdk-pixbuf Architecture: source Version: 2.42.12+dfsg-3 Distribution: unstable Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 1107994 Changes: gdk-pixbuf (2.42.12+dfsg-3) unstable; urgency=high . * Team upload * d/p/lzw-Fix-reporting-of-bytes-written-in-decoder.patch: Add patch from upstream to fix LZW error reporting. Setting the reported output size to the full buffer length rather than the actual number of written bytes can cause uninitialized memory contents to be disclosed. (CVE-2025-6199; Closes: #1107994) * Set high urgency for security fix Checksums-Sha1: 20fee1d33f649597eb50f969f8d2faf3d1b446d0 3214 gdk-pixbuf_2.42.12+dfsg-3.dsc 07fc770e07a0a8ecc6b478fc6a01cede71febd29 22448 gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz 7571df899c54d9ff51071d357b373c34025bd43d 9209 gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo Checksums-Sha256: c071f923775e859e5fbf5e0f6a090ad6872cfee44f265cc8c977a40b18c2c8f9 3214 gdk-pixbuf_2.42.12+dfsg-3.dsc 900fcb2d377a5cd7c7bfb0b56ee6bae104f776b561e67147f571d1875130b2b3 22448 gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz 424db3540599d39d7f97438e1333eab60726a6e2c7c2494191ffa0522f596d82 9209 gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo Files: 14e5e38923c6fe9d4ebaca990a2a3461 3214 libs optional gdk-pixbuf_2.42.12+dfsg-3.dsc aeb411a00b0b157caf9b127f9f558aa3 22448 libs optional gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz 88ebae5f068a450956ca3b69593aea53 9209 libs optional gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmhVKPEACgkQI1wJnT6z MHbABQ//Wqp9vnvadn4RMYN+h96jHhy+dOSSbiejlb9YcS/8aSelauXGAPW/v6BD z8Cxkswjq0l/SDLre3mndYtnL2kba3zgX8RWSzKeO7A8dkAJw/aU8xul52IHUix7 vRg3NbQKvPIN1+EfjSG6uiuoIAuIoRiCrb5k3RqaFjPHopCy/OH26gXDZrVPXppm hKBEzJteMOSOPzOb4B2QePn1T0dKQT8pxaxHnrCQYwGXSWGBs7dvKFIQY7UD8/zc 2beHCCOp1Ils6IWEFMh4B/ftX66oqR5Xi6D6OYzPAhR/W9GwCw5RbtOxgDpvXy6b IPG817PJbcD8l7guaiogpLoOpFsqX1OpGRfl2rOReZpddL+LXecr+j3D3id56lLQ 1jub/CCW/N5jNiSlzyqYEhvYOWvuV24q5qSf0A32lq8nxZv5IkIkKmNpZ+tlB8ZK NfYghkSLxyGxzm4aRGsba2UcxXK0DSd4K9WCHW7obxz6SsA22l46S5S5xsL13iB7 4aDhhjD+IZJ8YsDfleB46zu2asQWCcUOeMWhCO4pOdqHN+ZCZKdIsQYIJ3hCeH+T 1TxH/TMXwuDMljNxuyX/YetRH1fXgcoOMPXt8H/EbShpc9+o0HJFrVdLL2QaLzXb c8947geA9rHDx4TzDDxq0AwDRxJ4zrsK5D/1q6NUwWkcw5bIsM4= =VV3S -----END PGP SIGNATURE-----
