Publishing details

Removed from disk on 2021-04-10.
Removal requested on 2021-04-07.
Deleted on 2021-04-07 by Ubuntu Archive Auto-Sync
Moved to hirsute
Published on 2021-02-25
Copied from debian sid in Primary Archive for Debian GNU/Linux by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)

Changelog

xcftools (1.0.7-6.1) unstable; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2019-5086 and CVE-2019-5087:
    An exploitable integer overflow vulnerability exists in the
    flattenIncrementally function in the xcf2png and xcf2pnm binaries of
    xcftools. An integer overflow can occur while walking through tiles that
    could be exploited to corrupt memory and execute arbitrary code. In order
    to trigger this vulnerability, a victim would need to open a specially
    crafted XCF file. (Closes: #945317)

 -- Markus Koschany <email address hidden>  Thu, 25 Feb 2021 08:32:07 +0100

Available diffs

diff from 1.0.7-6build1 (in Ubuntu) to 1.0.7-6.1 (1.4 KiB)

Builds

Package files

xcftools-dbgsym_1.0.7-6.1_amd64.ddeb (134.1 KiB)
xcftools-dbgsym_1.0.7-6.1_arm64.ddeb (131.6 KiB)
xcftools-dbgsym_1.0.7-6.1_armhf.ddeb (130.0 KiB)
xcftools-dbgsym_1.0.7-6.1_ppc64el.ddeb (147.1 KiB)
xcftools-dbgsym_1.0.7-6.1_riscv64.ddeb (134.0 KiB)
xcftools-dbgsym_1.0.7-6.1_s390x.ddeb (146.2 KiB)
xcftools_1.0.7-6.1.debian.tar.xz (9.0 KiB)
xcftools_1.0.7-6.1.dsc (2.0 KiB)
xcftools_1.0.7-6.1_amd64.deb (66.8 KiB)
xcftools_1.0.7-6.1_arm64.deb (65.7 KiB)
xcftools_1.0.7-6.1_armhf.deb (62.4 KiB)
xcftools_1.0.7-6.1_ppc64el.deb (73.4 KiB)
xcftools_1.0.7-6.1_riscv64.deb (65.8 KiB)
xcftools_1.0.7-6.1_s390x.deb (69.9 KiB)
xcftools_1.0.7.orig.tar.gz (267.0 KiB)