[ubuntu/artful-proposed] gdk-pixbuf 2.36.5-3ubuntu1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Fri Sep 15 15:43:14 UTC 2017 

gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

Date: Thu, 14 Sep 2017 18:36:00 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.36.5-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Sep 2017 18:36:00 -0300
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb gir1.2-gdkpixbuf-2.0
Architecture: source
Version: 2.36.5-3ubuntu1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
 gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
 libgdk-pixbuf2.0-0 - GDK Pixbuf library
 libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
 libgdk-pixbuf2.0-bin - GDK Pixbuf library (thumbnailer)
 libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
 libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
 libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Changes:
 gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium
 .
   * SECURITY UPDATE: Integer overflow checks not enough
     - debian/patches/CVE-2017-2870.patch: checks for integer overflow
       in multiplication in gdk-pixbuf/io-tiff.c.
     - CVE-2017-2870
   * SECURITY UPDATE: exploitable heap overflow
     - debian/patches/CVE-2017-2862-part1.patch: Throw error
       when number of colour components is unsupported in
       gdk-pixbuf/io-jpeg.c.
     - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
       support in gdk-pixbuf/io-jpeg.c
     - debian/patches/CVE-2017-2862-part3.patch: add test in
       tests/pixbuf-fail.c.
     - CVE-2017-2862
   * SECURITY UPDATE: context-dependent to cause DoS
     - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
       a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
     - debian/patches/CVE-2017-6311-part2.patch: return an error if the
       ICO didn't load in gdk-pixbuf/io-ico.c.
     - CVE-2017-6311
Checksums-Sha1:
 32aed648bc8ea641433375040d1e20bd2a38014d 2988 gdk-pixbuf_2.36.5-3ubuntu1.dsc
 6b0893655f8fe4764e0850c335431cd9c6f23669 329640 gdk-pixbuf_2.36.5-3ubuntu1.debian.tar.xz
 805b5488105e2373e9c9f99376290ff0157d2b82 9487 gdk-pixbuf_2.36.5-3ubuntu1_source.buildinfo
Checksums-Sha256:
 150407368e4bf0650237d91d35031aa42d1715783123939347da259edddff43f 2988 gdk-pixbuf_2.36.5-3ubuntu1.dsc
 61df29885927467d1722af1023b5723efc95fd079f201a055e5c9b3ad588141d 329640 gdk-pixbuf_2.36.5-3ubuntu1.debian.tar.xz
 c9230b21751212c7fabb625907cd400f4ffde89b0bfa5253327a5d3ec4e0c992 9487 gdk-pixbuf_2.36.5-3ubuntu1_source.buildinfo
Files:
 7b98db8a72f26743bac63cecb04c03a8 2988 libs optional gdk-pixbuf_2.36.5-3ubuntu1.dsc
 3906a6fbaf74273b9352949071c0ed28 329640 libs optional gdk-pixbuf_2.36.5-3ubuntu1.debian.tar.xz
 038833548856058704712099eea24ad1 9487 libs optional gdk-pixbuf_2.36.5-3ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJZu/R2AAoJEGVp2FWnRL6T6D0P/jUtnpv0MaghmEl7pJFqtpt0
kEeYxOXqstZRyoz47bptIev+6L6sntIxI8rSgGpCCDWvA4BnZipll2eh9LNKpg1H
slK1eKa9QzusRIjygbUfj8gJlRjo6ntg0TdPTfW942pGzGpOKtBllHQM/9f4fuAR
GUeHYa10KcrqMYlAYyFxbpy3ZmWPHwqQdSo8AR2xJezVUA/uT2Oo39gdJrF16VAk
ZkMbrs9zHrzTfUQTFppWdZWoY/ZoyTC5ct3nZr0vipFZF8LRme/T7Ca0xZcDG0yv
etR6tmhDHwSY/S0UMCvm9CvoIa6jWZq7vW1OwW3CmFfe4PI0mjtgpR3jpbvAFM8m
eXAhSEQGJTCy70ILTWyckwy882/15QRatOEnFwbnTr3umsygYMGQnPliYo0xmW6x
LLNubRiFlBq4deVx6Z6Of7Xvj6QZs4uSGo58WMwzwyVkXN35F95KWpAGR/M2STmT
HP8hQtB6/PBV9m9RlrJdxlO97w0akXZyhXZvC+0Woprb1g4S3Wn99lRfR3Wl2Mi0
pVjeeOuGq8aO6bRPxYLp4ch1BjA7gWkDhd+cosJE3r5YtgBESEHb/nAac+a5Vb+K
9BzSfg2/9Rn/9AsmomarvrwBaO+HKfzSdn/mhc/5pAwrAN0ilzX1BP5oTeSovxe/
+yy+vyEzokdBuNr9mxNQ
=Ypbi
-----END PGP SIGNATURE-----

More information about the Artful-changes mailing list