
[SECURITY] [DLA 2749-1] gthumb security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-2749-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 29, 2021                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gthumb
Version        : 3:3.4.4.1-5+deb9u2
CVE ID         : CVE-2019-20326


An issue has been found in gthumb, an image viewer and browser.
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg()
in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to
cause a crash and potentially execute arbitrary code via a crafted JPEG
file.


For Debian 9 stretch, this problem has been fixed in version
3:3.4.4.1-5+deb9u2.

We recommend that you upgrade your gthumb packages.

For the detailed security status of gthumb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gthumb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

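To check hosts against the fixed version named in the advisory, the following added example (not part of the advisory or of Debian's own tooling) reimplements Debian's version-ordering rules in Python, so that an exported package inventory can be checked offline; on a Debian host itself, `dpkg --compare-versions` performs the same comparison. The host names and version strings in the sample inventory are constructed.

```python
import re

FIXED = "3:3.4.4.1-5+deb9u2"  # fixed version for Debian 9 stretch, from the advisory

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "~":
        return -1                      # tilde sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0                       # end of string, or the start of a digit run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters sort before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        # Digit runs are compared numerically; an empty run counts as 0.
        x = re.match(r"[0-9]*", a[i:]).group()
        y = re.match(r"[0-9]*", b[j:]).group()
        d = int(x or 0) - int(y or 0)
        if d:
            return d
        i, j = i + len(x), j + len(y)
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; a missing epoch is 0, a missing revision ''."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(installed):
    return compare(installed, FIXED) >= 0

if __name__ == "__main__":
    inventory = {"host-a": "3:3.4.4.1-5+deb9u1", "host-b": "3:3.4.4.1-5+deb9u2"}  # constructed
    for host, ver in inventory.items():
        print(host, ver, "fixed" if is_fixed(ver) else "needs upgrade")
```

Note that a version string without the `3:` epoch compares as older than the fixed version whatever its upstream number, which is why a plain string or tuple comparison is not a safe substitute.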

