Accepted xcftools 1.0.7-6+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 09 Feb 2021 23:17:14 +0100
Source: xcftools
Architecture: source
Version: 1.0.7-6+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Jan Hauke Rahm <jhr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 xcftools (1.0.7-6+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5086 and CVE-2019-5087:
     An exploitable integer overflow vulnerability exists in the
     flattenIncrementally function in the xcf2png and xcf2pnm binaries of
     xcftools. An integer overflow can occur while walking through tiles that
     could be exploited to corrupt memory and execute arbitrary code. In order
     to trigger this vulnerability, a victim would need to open a specially
     crafted XCF file.
Checksums-Sha1:
84cf53cfdefc6101f633def46946802e97459cc2 2065 xcftools_1.0.7-6+deb10u1.dsc
162d6fcabf98e3d475a05171ca12adf48c135482 9176 xcftools_1.0.7-6+deb10u1.debian.tar.xz
1555453f82ee48e9778affbc4f323bc99e9e5e9e 6172 xcftools_1.0.7-6+deb10u1_amd64.buildinfo
Checksums-Sha256:
42fadb8de214f7783f90eefc61dccd3f04c6d3369abfea888ee1c206939e8518 2065 xcftools_1.0.7-6+deb10u1.dsc
f3cf847724982bdbb5c91e3a763b79ea2bd874ccde4235b65be4d9142c159caa 9176 xcftools_1.0.7-6+deb10u1.debian.tar.xz
ccd3d71f2f75df31833d565854b6ede9091af01f9efb192d4c175ebd41c29249 6172 xcftools_1.0.7-6+deb10u1_amd64.buildinfo
Files:
74186d42b71f50b36095cd22f30f968e 2065 graphics optional xcftools_1.0.7-6+deb10u1.dsc
3e163112005069f321dc3ed9a817b6b6 9176 graphics optional xcftools_1.0.7-6+deb10u1.debian.tar.xz
af0cc8f65a3d4abe201188cff99b72f6 6172 graphics optional xcftools_1.0.7-6+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----