-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Oct 2018 09:06:29 -0300
Source: gthumb
Binary: gthumb gthumb-data gthumb-dev
Architecture: source
Version: 3:3.6.2-2
Distribution: unstable
Urgency: medium
Maintainer: Herbert Parentes Fortes Neto <h...@debian.org>
Changed-By: Herbert Parentes Fortes Neto <h...@debian.org>
Description:
 gthumb - image viewer and browser
 gthumb-data - image viewer and browser - arch-independent files
 gthumb-dev - image viewer and browser - development files
Closes: 912290
Changes:
 gthumb (3:3.6.2-2) unstable; urgency=medium
 .
   * debian/patches/
     - cve-2018-18718.patch file (Closes: #912290)
       CVE-2018-18718 - CWE-415: Double Free
       The product calls free() twice on the same memory address,
       potentially leading to modification of unexpected memory
       locations.
 .
       There is a suspected double-free bug with
       static void add_themes_from_dir() dlg-contact-sheet.c.
       This method involves two successive calls of g_free(buffer)
       (line 354 and 373), and is likely to cause double-free of
       the buffer. One possible fix could be directly assigning the
       buffer to NULL after the first call of g_free(buffer).
       Thanks Tianjun Wu
       https://gitlab.gnome.org/GNOME/gthumb/issues/18
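Added example, not part of the announcement above and not gthumb's code: a reduced C model of the CWE-415 pattern the changelog describes (two releases of the same buffer) and of the suggested fix of setting the pointer to NULL after the first release. The names shim_dup, shim_free and scan_theme, the sample file contents and the control flow are assumptions made for illustration; a one-slot arena stands in for the GLib allocator so the second release is counted rather than corrupting the heap.

```c
#include <stdio.h>
#include <string.h>

/* One-slot arena standing in for the GLib allocator (assumption), so a
 * repeated release is counted instead of corrupting the heap.
 * Like g_free(), shim_free() ignores NULL. */
static char arena[128];
static int  slot_live;      /* 1 while the buffer is allocated */
static int  double_frees;   /* releases of an already released buffer */

static char *shim_dup(const char *s) {
    slot_live = 1;
    snprintf(arena, sizeof arena, "%s", s);
    return arena;
}

static void shim_free(char *p) {
    if (p == NULL) return;                      /* no-op, as with g_free(NULL) */
    if (!slot_live) { double_frees++; return; } /* second release of same buffer */
    slot_live = 0;
}

/* Hypothetical reduction of the reported flow: the buffer is released once
 * after use and again in the cleanup at the end of the function.
 * Returns the number of double frees observed. */
static int scan_theme(const char *contents, int null_after_free) {
    double_frees = 0;
    char *buffer = shim_dup(contents);          /* constructed file contents */
    int is_theme = strncmp(buffer, "[Theme]", 7) == 0;

    shim_free(buffer);                          /* first release */
    if (null_after_free)
        buffer = NULL;                          /* fix suggested in the changelog */

    if (is_theme)
        puts("theme accepted");
    shim_free(buffer);                          /* second release in cleanup */
    return double_frees;
}

int main(void) {
    printf("unpatched: %d double free(s)\n", scan_theme("[Theme]\nName=x\n", 0));
    printf("patched:   %d double free(s)\n", scan_theme("[Theme]\nName=x\n", 1));
    return 0;
}
```

In real GLib code the same effect comes from following g_free(buffer) with buffer = NULL, or from g_clear_pointer(&buffer, g_free), which does both in one step.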