Format: 1.8
Date: Thu, 18 Jul 2019 16:57:48 -0300
Source: gthumb
Binary: gthumb gthumb-data gthumb-dev
Architecture: source all amd64
Version: 3:3.4.4.1-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Herbert Parentes Fortes Neto
Changed-By: Herbert Parentes Fortes Neto
Description:
 gthumb - image viewer and browser
 gthumb-data - image viewer and browser - arch-independent files
 gthumb-dev - image viewer and browser - development files
Closes: 912290
Changes:
 gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium
 .
   * debian/patches/
     - cve-2018-18718.patch file (Closes: #912290)
       CVE-2018-18718 - CWE-415: Double Free
       The product calls free() twice on the same memory address,
       potentially leading to modification of unexpected memory
       locations.
 .
       There is a suspected double-free bug with
       static void add_themes_from_dir() dlg-contact-sheet.c.
       This method involves two successive calls of g_free(buffer)
       (line 354 and 373), and is likely to cause double-free of
       the buffer. One possible fix could be directly assigning the
       buffer to NULL after the first call of g_free(buffer).
       Thanks Tianjun Wu
       https://gitlab.gnome.org/GNOME/gthumb/issues/18
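
The double-free shape named in the changelog and the suggested NULL assignment, as an added example that is not gthumb's source or the Debian patch. The helpers tracked_alloc, tracked_free, load_theme and count_double_frees, the rejection-path placement of the first free, and the sample strings are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical instrumentation, not GLib: remembers the last freed address so
 * a repeated free is counted instead of reaching free() a second time. */
static uintptr_t last_freed;
static int double_frees;

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    if ((uintptr_t)p == last_freed) last_freed = 0; /* address is live again */
    return p;
}

static void tracked_free(void *p)
{
    if (p == NULL) return;               /* like g_free(), NULL is a no-op */
    if ((uintptr_t)p == last_freed) { double_frees++; return; } /* CWE-415 */
    last_freed = (uintptr_t)p;
    free(p);
}

/* Constructed model of the reported shape: one free on an early path and a
 * second at the common cleanup. fix != 0 applies the suggested NULL store. */
static int load_theme(const char *data, int fix)
{
    char *buffer = tracked_alloc(strlen(data) + 1);
    if (buffer == NULL) return -1;
    strcpy(buffer, data);
    int ok = strncmp(buffer, "[Theme]", 7) == 0;
    if (!ok) {
        tracked_free(buffer);            /* first free */
        if (fix) buffer = NULL;          /* stale pointer dropped */
    }
    tracked_free(buffer);                /* second free: safe only if NULL */
    return ok;
}

int count_double_frees(int fix)
{
    /* Constructed sample inputs; the middle one is rejected. */
    const char *themes[] = { "[Theme]\nName=a", "not a theme", "[Theme]\nName=b" };
    last_freed = 0; double_frees = 0;
    for (size_t i = 0; i < sizeof themes / sizeof themes[0]; i++)
        load_theme(themes[i], fix);
    return double_frees;
}
int main(void) { printf("unfixed=%d fixed=%d\n", count_double_frees(0), count_double_frees(1)); return 0; }
```

Without the tracking wrapper the second call would hand an already released address back to the allocator, which is undefined behaviour; building the real code with AddressSanitizer reports that case directly.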