Accepted xcftools 1.0.7-6.1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 Feb 2021 08:32:07 +0100
Source: xcftools
Architecture: source
Version: 1.0.7-6.1
Distribution: unstable
Urgency: high
Maintainer: Jan Hauke Rahm <jhr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 945317
Changes:
 xcftools (1.0.7-6.1) unstable; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5086 and CVE-2019-5087:
     An exploitable integer overflow vulnerability exists in the
     flattenIncrementally function in the xcf2png and xcf2pnm binaries of
     xcftools. An integer overflow can occur while walking through tiles that
     could be exploited to corrupt memory and execute arbitrary code. In order
     to trigger this vulnerability, a victim would need to open a specially
     crafted XCF file. (Closes: #945317)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----