-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 10 Oct 2025 22:47:11 -0300 Source: gdk-pixbuf Architecture: source Version: 2.42.2+dfsg-1+deb11u4 Distribution: bullseye-security Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Carlos Henrique Lima Melara <charlesmelara@riseup.net> Closes: 1109262 Changes: gdk-pixbuf (2.42.2+dfsg-1+deb11u4) bullseye-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * debian/patches/CVE-2025-7345.patch: import patch from upstream. - CVE-2025-7345: A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c) potentially leading to a buffer overflow. (Closes: #1109262) * debian/salsa-ci.yml: - Add (E)LTS pipeline for bullseye. - Build with nocheck and pass SALSA_CI=true for autopkgtest job. * debian/tests/installed-tests{,flaky}: check SALSA_CI variable to decide what is flaky or not. Checksums-Sha1: 8fe22da169b96f01f7c8c8a9d016228a757d8e0d 3223 gdk-pixbuf_2.42.2+dfsg-1+deb11u4.dsc d66fc4f6f28e3cbdcc1bc8c1b25495c7c6fd6c3f 6433920 gdk-pixbuf_2.42.2+dfsg.orig.tar.xz e9739a8796d90755a939ab1e6fbee25a12c4b62f 38996 gdk-pixbuf_2.42.2+dfsg-1+deb11u4.debian.tar.xz 1265feccccd7a22d16b620a5be55ebcc6b2a1101 6237 gdk-pixbuf_2.42.2+dfsg-1+deb11u4_source.buildinfo Checksums-Sha256: 9e343f720be9e7ccfb278db7ee582accb5b0f63ea7b5a63c54105f0350d8bc39 3223 gdk-pixbuf_2.42.2+dfsg-1+deb11u4.dsc f781dca5af4c6536befb1faaa3b82efb9750c52a350842bc82b2aa08ce129ee9 6433920 gdk-pixbuf_2.42.2+dfsg.orig.tar.xz bfab04e2fb603870e1d43f447a4fa131a892f1a7f8d24f10e71aeb2224c2c60e 38996 gdk-pixbuf_2.42.2+dfsg-1+deb11u4.debian.tar.xz 080a86cfcb8122a5dbf05d4a9a0cf60f0104ce90ed5518ae8199c40b60151b62 6237 gdk-pixbuf_2.42.2+dfsg-1+deb11u4_source.buildinfo Files: acb1cafd78bfffb97b0537c49bce1c51 3223 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u4.dsc 6ad51a9ed2b394acc88052ae9de01c9e 6433920 libs optional gdk-pixbuf_2.42.2+dfsg.orig.tar.xz ba4893dbe71826a6d4f7939d5344fbed 38996 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u4.debian.tar.xz 95842c9839d4f164a8e493e7afb59238 6237 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJNBAEBCgA3FiEECgzx8d8+AINglLHJt4M9ggJ8mQsFAmj5hv8ZHGNoYXJsZXNt ZWxhcmFAcmlzZXVwLm5ldAAKCRC3gz2CAnyZC7zsD/9e/nqHYA2AHa3u4tf8gxy3 xQ1VT4jHrtEErPnqYWULiF+BJ0W5/VM0vFpUxm1mu3zFGStUqQy1vCEUdg/jwaQK 8me4zfKDthgWk7022cEZw11GX6CEfcamFBhTxe3gqIRGhdgYkNEuDND1NnxkY9ap zPch8rln5LLT+iBJVl+k649X6Pwa+G1JCoVHOJoeng/K8FAU3t+KVFf2ksLYE9HX vXjJEBtIrrcLYOlSfRsOqBiEkVcWxGbK0UCA2+Z0gluWpZlyKiHGrUsKM/vYkzOb UbKV766lbJglejNYQnRn5K3Tje2JskZnsV0/dElemVPy2Ph96lDafioZxfTY/pQC 7+i00HzywvdQ0ybm+pUwrYC4Vm3fwW3y7+3FDonoE/u07deB7oHLITgucYN7o/ks gRf5e5Cl6civ7pt7nZLO94FbI4YfqgPa2qmMd/s/0+JGZjoRa0hXnn9DUqM0hNuY 4biCunyxxNlAV+uY5n1DswHyFro5zra3Dse2KtEFe9c9npcOUZc3IrDFfI2QwEIe p6EQ5Zt31qM9WK8K6cgyitSN8W4Wf9VpIG2pR2uymuAJcIDikwcgJpDIgBmOxed8 3No9b2iquT8LiQp0HmG27dsQ3/ziepfwrzp/+q8f0/8duLJ0zX+AfMwTVadcCZC4 nfK1Ba6+P7X3yNiS3hNfhQ== =CiAu -----END PGP SIGNATURE-----
