Back to gdk-pixbuf PTS page

Accepted gdk-pixbuf 2.31.1-2+deb8u8 (source all amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted gdk-pixbuf 2.31.1-2+deb8u8 (source all amd64) into oldoldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 19 Dec 2019 16:10:24 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1ihyNc-0003ZJ-6i@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Dec 2019 17:03:02 +0100
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-0-dbg libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb gir1.2-gdkpixbuf-2.0
Architecture: source all amd64
Version: 2.31.1-2+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
 libgdk-pixbuf2.0-0 - GDK Pixbuf library
 libgdk-pixbuf2.0-0-dbg - GDK Pixbuf library - debug symbols
 libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
 libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
 libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
 libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Changes:
 gdk-pixbuf (2.31.1-2+deb8u8) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-6352
     fix for denial of service (out-of-bounds write and crash) via
     crafted dimensions in an ICO file
   * CVE-2017-2870
     Fix for an exploitable integer overflow vulnerability in the
     tiff_image_parse functionality. When software is compiled with
     clang, A specially crafted tiff file can cause a heap-overflow
     resulting in remote code execution. Debian package is compiled
     with gcc and is not affected, but probably some downstream is.
   * CVE-2017-6312
     Fix for an integer overflow in io-ico.c that allows attackers
     to cause a denial of service (segmentation fault and application
     crash) via a crafted image
   * CVE-2017-6313
     Fix for an integer underflow in the load_resources function in
     io-icns.c that allows attackers to cause a denial of service
     (out-of-bounds read and program crash) via a crafted image entry
     size in an ICO file
   * CVE-2017-6314
     Fix for an infinite loop in the make_available_at_least function
     in io-tiff.c that allows attackers to cause a denial of service
     via a large TIFF file.
Checksums-Sha1:
 73056f540f4e80c57ceb6725cf8128c19dd77d05 3032 gdk-pixbuf_2.31.1-2+deb8u8.dsc
 c715e21cacb939d2015c26124640b0aad6ad1986 1340056 gdk-pixbuf_2.31.1.orig.tar.xz
 8e922d47c9b29f17097b451bab14c40db1c8a1c0 22728 gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz
 49155a38c422d23e8707ac05e6736dbae0297703 294954 libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb
 0df7ccd8f99a3bf8dbec82f8f7274dd51f88455e 177576 libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb
 5446ce6a852522240ce1a858ff6f7e202307ce13 167918 libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb
 9910ce45ea9f64872de8192ee40e73826e10eb93 433238 libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb
 4814a5fa8a3f567d5446322ff291d6a960dec8ad 53238 libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb
 f35e9e11d12179f0c1a66ebc61008bb299834728 374046 libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb
 1b4b07262331fd9f75bcc2772c8f95ba548e0beb 17412 gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb
Checksums-Sha256:
 709dc9094f08078b3e2cd42de527488b47f239ff09d8b3fc813d63711c7ab1b7 3032 gdk-pixbuf_2.31.1-2+deb8u8.dsc
 25a75e3c61dac11e6ff6416ad846951ccafac6486b1c6a1bfb0b213b99db52cd 1340056 gdk-pixbuf_2.31.1.orig.tar.xz
 0da93a92aa21490144e6dc87398e8f4a1c453db72c25ece7389a67f7f742c74e 22728 gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz
 c7e1aa5f9ce835d75fb4a9ff1ab1006884689175644aa428d11f5d8403dd7bc5 294954 libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb
 5ed0bd1166c4fafaa69247f8b03296b55b65414cf7ad7d6028bab8fe34a4eee9 177576 libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb
 6d722dd16df10cf4313f94b59629ec68eee6b571ad2ac3b2ef4302cbac78d303 167918 libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb
 af102a44e732c46e988335ec395000709cfdac2f9c452def31af9146dcb371b3 433238 libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb
 afd82536b7bbfd487617ac90b5a4385a86ccd52f6c10ef48d3910e07d47b69d0 53238 libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb
 afc73332681e1a950967bbf10078ba6b3a4fbbdf21004563912e51aa67ac1f3b 374046 libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb
 5a6a809caa6a3e9fccb928c106efd0b11c5d748fb740f0dabc0ceed0ae69257c 17412 gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb
Files:
 b4cd5ff04b5968ffb7cd34ad183db357 3032 libs optional gdk-pixbuf_2.31.1-2+deb8u8.dsc
 74cde211f5b7ac1015d1a7c9feee037c 1340056 libs optional gdk-pixbuf_2.31.1.orig.tar.xz
 ae063d044a99e8a7e9a6ca3c886ca370 22728 libs optional gdk-pixbuf_2.31.1-2+deb8u8.debian.tar.xz
 57416934636717e5151333d8cc7536bf 294954 libs optional libgdk-pixbuf2.0-common_2.31.1-2+deb8u8_all.deb
 09156cea316a5cbeff8d6a0978702002 177576 doc optional libgdk-pixbuf2.0-doc_2.31.1-2+deb8u8_all.deb
 2b589f8a7f78fbaa5e90884533422d1d 167918 libs optional libgdk-pixbuf2.0-0_2.31.1-2+deb8u8_amd64.deb
 3dc57d38a830a9cfe1953e3739ec5a49 433238 debug extra libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u8_amd64.deb
 76c16dce520c9e366e7fcf7a5725d306 53238 libdevel optional libgdk-pixbuf2.0-dev_2.31.1-2+deb8u8_amd64.deb
 13b7a97f10ee69f7529b1844d41795c4 374046 debian-installer extra libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u8_amd64.udeb
 8455559e222197e600aba9266299f502 17412 introspection optional gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u8_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl37nAdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR9XUD/48xJNIDP0jrA7O+W3MgkQ5VJ6SUGB7
gzRZGOeGUDh+yCu17hOiHX5mz5c6g+rYiXinFa89+TwB4SxLmFfvv0T1m1UILl/S
/sSWkb9qKpRbvMDeq/O+ac1oJOZIkQw9+ND9qBb3BGXs2tGkr1Nhfef0/C9prh9O
wphhljkr544hTBXc4j6bgqrRFJyEt8Eoesrssnxm62ufzUjSNZ1UQp6N1rsG/Buh
C7ARuVIcCKwyP6u0wY+y2aapa8UrGDjYLMUXlECRD150RCTIUpxWJYbVTpjGWQdV
bM2X1SHHrwADA/ATurvZ2nR5Lg0h/QsK42wVtUF46uwpHypmfemfkEb67zOZG/y5
qyKD9QxPgyc2KALvZg/o2cT5lQ1YQobY3DIU262CheJoV8GooGX/TgeTqua0GDGJ
7SJWYlTJ3z5nf6svY7Lp9NCPI6FzNlXgKLmcZAmK+sKtrQ1IZdO6i+S/cQRBRH4s
EwyPSHhvSS4K/udCfAcZ937skq2K2ykCsbexa6rHhmSKeKMiVVGiJ8QwwFB+NASj
afP68jLR3cNXGr9Y/1mgSB0bhPAZ9dZctCTBtBJDNoxYceSC1Wg+11oRx0Yczd0c
0IGSsHzrEZUtvmJlIWhiGbywp+0kEsH6FDHiVd/hGPvqMaANCTGBk6H9J2+aubak
LCn4qBwSsqExRA==
=OVmC
-----END PGP SIGNATURE-----