Format: 1.8
Date: Thu, 18 Jul 2019 16:57:48 -0300
Source: gthumb
Binary: gthumb gthumb-data gthumb-dev
Architecture: i386
Version: 3:3.4.4.1-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Herbert Parentes Fortes Neto
Description:
 gthumb - image viewer and browser
 gthumb-data - image viewer and browser - arch-independent files
 gthumb-dev - image viewer and browser - development files
Closes: 912290
Changes:
 gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium
 .
   * debian/patches/
     - cve-2018-18718.patch file (Closes: #912290)
       CVE-2018-18718 - CWE-415: Double Free
       The product calls free() twice on the same memory address,
       potentially leading to modification of unexpected memory
       locations.
 .
       There is a suspected double-free bug with
       static void add_themes_from_dir() dlg-contact-sheet.c.
       This method involves two successive calls of g_free(buffer)
       (line 354 and 373), and is likely to cause double-free of
       the buffer. One possible fix could be directly assigning the
       buffer to NULL after the first call of g_free(buffer).
       Thanks Tianjun Wu
       https://gitlab.gnome.org/GNOME/gthumb/issues/18
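The double-free pattern and the NULL-assignment fix named in the changelog entry above, as an added example: this is not gthumb's code and not the contents of cve-2018-18718.patch. The names shim_dup, shim_free, load_themes and SAMPLE are hypothetical, and shim_free stands in for g_free(), which like free() does nothing when passed NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for g_free() (NULL is a no-op). A release is only recorded and the
 * memory reclaimed later, so a second release is counted, not executed. */
static char *slot;                 /* storage behind the current buffer */
static int released, double_frees; /* current buffer state; count per run */

static char *shim_dup(const char *s) {
    free(slot);                    /* reclaim the previous buffer for real */
    slot = malloc(strlen(s) + 1);
    if (slot) strcpy(slot, s);
    released = 0;
    return slot;
}
static void shim_free(void *p) {
    if (p == NULL) return;
    if (released) double_frees++;  /* with a real allocator: CWE-415 */
    released = 1;
}
/* Constructed sample input: two usable theme texts, two rejected ones. */
static const char *SAMPLE[] = { "Name=Classic", "Frame=none", "Name=Dark", "" };

/* Hypothetical loader: a text without a Name= key is released on an error
 * path, then the common cleanup runs. fixed=1 applies the NULL assignment. */
static int load_themes(const char **themes, size_t n, int fixed) {
    int loaded = 0;
    double_frees = 0;
    for (size_t i = 0; i < n; i++) {
        char *buffer = shim_dup(themes[i]);
        if (buffer == NULL) continue;
        if (strstr(buffer, "Name=") == NULL) {
            shim_free(buffer);         /* first release (error path) */
            if (fixed) buffer = NULL;  /* fix: forget the stale pointer */
        } else {
            loaded++;
        }
        shim_free(buffer);             /* second release (common cleanup) */
    }
    free(slot); slot = NULL;
    return loaded;
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++) {
        int loaded = load_themes(SAMPLE, 4, fixed);
        printf("fixed=%d loaded=%d double_frees=%d\n", fixed, loaded, double_frees);
    }
    return 0;
}
```

Only the rejected inputs reach both release calls, which is why a double free of this shape can stay unnoticed until a malformed file is loaded.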