[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted xcftools 1.0.7-6+deb9u1 (source amd64) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Feb 2021 23:17:14 +0100
Source: xcftools
Binary: xcftools
Architecture: source amd64
Version: 1.0.7-6+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Jan Hauke Rahm <jhr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 xcftools   - command-line tools for extracting data for XCF files
Changes:
 xcftools (1.0.7-6+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5086 and CVE-2019-5087:
     An exploitable integer overflow vulnerability exists in the
     flattenIncrementally function in the xcf2png and xcf2pnm binaries of
     xcftools. An integer overflow can occur while walking through tiles that
     could be exploited to corrupt memory and execute arbitrary code. In order
     to trigger this vulnerability, a victim would need to open a specially
     crafted XCF file.
Checksums-Sha1:
 fdf077089cd284c70d04987b18c4bc9d3236f8e9 2061 xcftools_1.0.7-6+deb9u1.dsc
 3c3cf07ad6183605a3febf5a8af9f2bd4cb4ef83 273455 xcftools_1.0.7.orig.tar.gz
 d9a4a697f2ae58210d312dab16a7f3efbead7d43 9260 xcftools_1.0.7-6+deb9u1.debian.tar.xz
 48f4bd75f9d289b532c6a407b011878dc5ba7f88 106762 xcftools-dbgsym_1.0.7-6+deb9u1_amd64.deb
 21a3a8cdb8d2db7133122ed8d3d137373c45cd35 6518 xcftools_1.0.7-6+deb9u1_amd64.buildinfo
 984c116216966d2feb4ca55389ef507974761803 70298 xcftools_1.0.7-6+deb9u1_amd64.deb
Checksums-Sha256:
 c7c12da6cabbfc95c36425fa9cf51c3406e2fff396cc518b642fb6c31925e035 2061 xcftools_1.0.7-6+deb9u1.dsc
 1ebf6d8405348600bc551712d9e4f7c33cc83e416804709f68d0700afde920a6 273455 xcftools_1.0.7.orig.tar.gz
 b6bd58d754e21e7d3391a5a4cdc3d21bbb2d8e9850320b5f18af1a41a46dea52 9260 xcftools_1.0.7-6+deb9u1.debian.tar.xz
 27fb753ab75e46048549b4088a9e96e1d71d06b4abb96783eabbe4332bace096 106762 xcftools-dbgsym_1.0.7-6+deb9u1_amd64.deb
 b327f7f4cbc3d8705deb20586e894684c786c598522e29b7c9bb0be5e26a5b77 6518 xcftools_1.0.7-6+deb9u1_amd64.buildinfo
 9e8b0bce1cc02389089c8a4d7ea33a2061acd5c8488fbb77aff6e165bb0cdfbf 70298 xcftools_1.0.7-6+deb9u1_amd64.deb
Files:
 73ec5b03d83fc7d651c7749307ff2256 2061 graphics optional xcftools_1.0.7-6+deb9u1.dsc
 fd960b6470fb23520fc4b1ade6cf6e25 273455 graphics optional xcftools_1.0.7.orig.tar.gz
 228202be3d4be3710c850608f0b37c70 9260 graphics optional xcftools_1.0.7-6+deb9u1.debian.tar.xz
 902263cf43f29cbcaec27f2eb0c39555 106762 debug extra xcftools-dbgsym_1.0.7-6+deb9u1_amd64.deb
 2bbaf420373c4853f370d01bfea2ad84 6518 graphics optional xcftools_1.0.7-6+deb9u1_amd64.buildinfo
 e2c97683a4b81f35483b94c93e7a56c7 70298 graphics optional xcftools_1.0.7-6+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmAjImRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HknA0QALhMIkwZQ6Js9stcQ2p+dq3p8NUVfOGSjEug
HTgKVrrJAdj7okplExYfXvPqZohVZadM66enQb+moQTMGl8nGrB5JTU5d1HjkWtX
r2v5n7fNssqXl7rQdv5iPTl1+BxlHHAszx7luXmY+dEmdu9CuX/swN9RCHeYLIaP
vsGsPsG0sBqzM1xkIGUBr25Az4/Qe9ANIf5CYV8tJ54qNAWe5Bk+h19ZKvquzsOJ
VRvj3UfuBpujUei28X9jnrZIMiETFbS9cb+Bz1EqrbARfFOci3axz9A5C7PuGXT+
BaXFVSWqf8bZxAwoKf7mCCoseSYPtZom8UPT2VBWaFrmRcBrKBaMS9pHZ7EAyA1m
F2wljJ91OtKp5IdmrMX5cq8OEE2aDNbOrcgp6m21dW1mXe4+KsK8Vvd/K3kiDdxF
SzimfPvB/D0UiZ9YOvbwBJ+LghVkMRRFITzKgTFTTLMTQavsuI6iaIGdJSEADE87
5VTfKhvEd+BT5+YdoJK+mJl19LwR8vuNZ774LcQC1T8us1DrUvKhUzZspTEdyFf6
VA7QLXhoKW4ye37lfESv8JbP6obvUn5oY2ct4z8JOS1HD7onVoieAiSqYFU+68V1
4qERS+PjUgxRBkaRx0UZJblfL7SB6ZHoZa5mGIjN087LlfsXxNU0f2lbaIOwyVWi
tmDfVZFk
=sRG3
-----END PGP SIGNATURE-----
Reply to: