Accepted gthumb 3:3.6.2-4+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Aug 2021 21:03:02 +0200
Source: gthumb
Architecture: source
Version: 3:3.6.2-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Herbert Parentes Fortes Neto <hpfn@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 948197
Changes:
gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2019-20326 (Closes: #948197)
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg()
in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to
cause a crash and potentially execute arbitrary code via a crafted JPEG
file.
* additional fix in case orientation swaps width and height
Checksums-Sha1:
0a464603145736b4376e170c3401fbd1b26fd130 2505 gthumb_3.6.2-4+deb10u1.dsc
02ea3f0401976c13d13ae0aba26cfee551db26f4 33568 gthumb_3.6.2-4+deb10u1.debian.tar.xz
7d757b21c0e0f4785988b6cd2b6e08564ebfa362 21090 gthumb_3.6.2-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
08f8fe97cc27a7fb75490923ba4d8f36ac9540d8d143d898a5c9fd5438ae21fb 2505 gthumb_3.6.2-4+deb10u1.dsc
b85eb03fbf69dc9705f17558a6d815c7933d672ed77a31aeea7b558495f56398 33568 gthumb_3.6.2-4+deb10u1.debian.tar.xz
3393428009b79512dba75c2644804a542fc988a2f88d07a403d91b9ffe8100b0 21090 gthumb_3.6.2-4+deb10u1_amd64.buildinfo
Files:
72c7632aad615ae243433f463896e7d1 2505 gnome optional gthumb_3.6.2-4+deb10u1.dsc
77d6224b73146378aeded5408e116339 33568 gnome optional gthumb_3.6.2-4+deb10u1.debian.tar.xz
968cc5db1fc6a159b4cf806e33d04cd6 21090 gnome optional gthumb_3.6.2-4+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmFHskhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR4gaD/9P7REV34teUqhEyMOOq+uWe0b4NpdB
Duf2pty370opLGQsig3BUOPHhmJn9bjID8HPHNSseyKPhiEx1XcuxrFeze5gFn4t
jcDQUyGzvBXTg9JaM4Bz4jLPu7z+ofD/ed33aoJcdGcpRTz3mehrFqk1Yls55f8/
r2bYb0talJsptcLPC4T0Vve8FKSnrNv5s2aIucigGfOJT3WjlaQHRiUlxjKFDmuB
BlOiX9Knh1zd/oDHcOv/CGke3KYRWyYONny8+8/fbkhn1Ibr2QJe8p/kNbTuZq+2
DVZG0zesxawS2XCVIHAYpsKWydai//a8yV0izhNKPNWLuRCr0xTXOXguU9mJvxQU
rWwH/oqVOAXWrIgLXlkN808VXYS+wguQjyZtb88Ixc7YB4aBeDz6iAURB1kAaTTd
rD19ZKDNmtCRkYYufKGhMSPl+ZKmnuk+CGeUPtNyunBd9jA4qYeDNL24EDNQYA1/
Aa5Pzo5kf/6IKckF0Byu5FPNiY2DOR99vZKRCowwRUK2ETrAoDl0Mqs9eAObdc+1
Y8nwDIoEU0LTFxV2v6dJ9aLBtkmFZID7aLR1DuFln32gWuKpxNxBt0XEyDbmRBaO
jgMYE1JFXrfUehI1uWIMU4TXJOewyeW38C6HZsHf59thY8i2HF/TD4OTPS2S//qS
lTeaZKqYUCtGIg==
=W0MM
-----END PGP SIGNATURE-----
Reply to: