Forum: >>> Magnum BBS <<<

Bug#1107994: marked as done (gdk-pixbuf: CVE-2025-6199) (2/2)

From Debian Bug Tracking System@1:229/2 to All on Fri Jun 20 11:50:01 2025

[continued from previous message]

Content-Transfer-Encoding: quoted-printable

Source: gdk-pixbuf
Source-Version: 2.42.12+dfsg-3
Done: Simon McVittie <smcv@debian.org>

We believe that the bug you reported is fixed in the latest version of gdk-pixbuf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107994@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated gdk-pixbuf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 09:52:41 +0100
Source: gdk-pixbuf
Architecture: source
Version: 2.42.12+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 1107994
Changes:
gdk-pixbuf (2.42.12+dfsg-3) unstable; urgency=high
.
* Team upload
* d/p/lzw-Fix-reporting-of-bytes-written-in-decoder.patch:
Add patch from upstream to fix LZW error reporting.
Setting the reported output size to the full buffer length rather than
the actual number of written bytes can cause uninitialized memory
contents to be disclosed. (CVE-2025-6199; Closes: #1107994)
* Set high urgency for security fix
Checksums-Sha1:
20fee1d33f649597eb50f969f8d2faf3d1b446d0 3214 gdk-pixbuf_2.42.12+dfsg-3.dsc
07fc770e07a0a8ecc6b478fc6a01cede71febd29 22448 gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz
7571df899c54d9ff51071d357b373c34025bd43d 9209 gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo
Checksums-Sha256:
c071f923775e859e5fbf5e0f6a090ad6872cfee44f265cc8c977a40b18c2c8f9 3214 gdk-pixbuf_2.42.12+dfsg-3.dsc
900fcb2d377a5cd7c7bfb0b56ee6bae104f776b561e67147f571d1875130b2b3 22448 gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz
424db3540599d39d7f97438e1333eab60726a6e2c7c2494191ffa0522f596d82 9209 gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo
Files:
14e5e38923c6fe9d4ebaca990a2a3461 3214 libs optional gdk-pixbuf_2.42.12+dfsg-3.dsc
aeb411a00b0b157caf9b127f9f558aa3 22448 libs optional gdk-pixbuf_2.42.12+dfsg-3.debian.tar.xz
88ebae5f068a450956ca3b69593aea53 9209 libs optional gdk-pixbuf_2.42.12+dfsg-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmhVKPEACgkQI1wJnT6z MHbABQ//Wqp9vnvadn4RMYN+h96jHhy+dOSSbiejlb9YcS/8aSelauXGAPW/v6BD z8Cxkswjq0l/SDLre3mndYtnL2kba3zgX8RWSzKeO7A8dkAJw/aU8xul52IHUix7 vRg3NbQKvPIN1+EfjSG6uiuoIAuIoRiCrb5k3RqaFjPHopCy/OH26gXDZrVPXppm hKBEzJteMOSOPzOb4B2QePn1T0dKQT8pxaxHnrCQYwGXSWGBs7dvKFIQY7UD8/zc 2beHCCOp1Ils6IWEFMh4B/ftX66oqR5Xi6D6OYzPAhR/W9GwCw5RbtOxgDpvXy6b IPG817PJbcD8l7guaiogpLoOpFsqX1OpGRfl2rOReZpddL+LXecr+j3D3id56lLQ 1jub/CCW/N5jNiSlzyqYEhvYOWvuV24q5qSf0A32lq8nxZv5IkIkKmNpZ+tlB8ZK NfYghkSLxyGxzm4aRGsba2UcxXK0DSd4K9WCHW7obxz6SsA22l46S5S5xsL13iB7 4aDhhjD+IZJ8YsDfleB46zu2asQWCcUOeMWhCO4pOdqHN+ZCZKdIsQYIJ3hCeH+T 1TxH/TMXwuDMljNxuyX/YetRH1fXgcoOMPXt8H/EbShpc9+o0HJFrVdLL2QaLzXb c8947geA9rHDx4TzDDxq0AwDRxJ4zrsK5D/1q6NUwWkcw5bIsM4=
=VV3S
-----END PGP SIGNATURE-----

--==============�00183438567249420=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaFUsqAAKCRCb9qggYcy5 IQPOAQC8Ie4+dTPgHSTS4EoNtaPAnQ5at0IC5KzoQliNX2wiKQEAiG3ER6gnY6Ov MGiko9kKAlupo61hIbjhWk1JHNSSrA4=uzo5
-----END PGP SIGNATURE-----

--==============�00183438567249420==--

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From Debian Bug Tracking System@1:229/2 to All on Mon Jun 23 22:50:02 2025

[continued from previous message]

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Source: gdk-pixbuf
Source-Version: 2.42.10+dfsg-1+deb12u2
Done: Moritz Mühlenhoff <jmm@debian.org>

We believe that the bug you reported is fixed in the latest version of gdk-pixbuf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107994@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated gdk-pixbuf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Jun 2025 22:52:54 +0200
Source: gdk-pixbuf
Architecture: source
Version: 2.42.10+dfsg-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Closes: 1107994
Changes:
gdk-pixbuf (2.42.10+dfsg-1+deb12u2) bookworm-security; urgency=medium
.
* CVE-2025-6199 (Closes: #1107994)
Checksums-Sha1:
e8b26207baca80b4e71b74373c42b88194dd31d8 3173 gdk-pixbuf_2.42.10+dfsg-1+deb12u2.dsc
08baf45662714b21a1fa78d1ade4926cee1a5506 6439240 gdk-pixbuf_2.42.10+dfsg.orig.tar.xz
bb7b0dd3893c3c2c7410f200f2d00f49ec1ff788 22604 gdk-pixbuf_2.42.10+dfsg-1+deb12u2.debian.tar.xz
45a9ba68cb9f237817bffe75ca36064a7d99e5bf 12754 gdk-pixbuf_2.42.10+dfsg-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
117f2f12e10c1a81b402f316edc37a1f02377e3475601360a2d50583a3432fca 3173 gdk-pixbuf_2.42.10+dfsg-1+deb12u2.dsc
46663e445468e92f4a0ca876b02aed4f8758595ee3acfaa6ef3ba2b29e1c1930 6439240 gdk-pixbuf_2.42.10+dfsg.orig.tar.xz
0a00c1c52b64abbe5fab1f08cc6c4b1032680c95ca9fdaf148f115011755de4b 22604 gdk-pixbuf_2.42.10+dfsg-1+deb12u2.debian.tar.xz
48595902c18e0862fedde08c3e9eedb700b60fab80d69fee27986c24382ffd36 12754 gdk-pixbuf_2.42.10+dfsg-1+deb12u2_amd64.buildinfo
Files:
2be9284ca646cba25e7ec62e1dcf3556 3173 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u2.dsc
25dc1bf2c14ae78161f603fe62dad38f 6439240 libs optional gdk-pixbuf_2.42.10+dfsg.orig.tar.xz
beaeb389badf5ac82ddc617057d83585 22604 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u2.debian.tar.xz
af2a900ec1e1eda8e8f5819628c3a18c 12754 libs optional gdk-pixbuf_2.42.10+dfsg-1+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhVadQACgkQEMKTtsN8 TjZGRg//ZyFoQ4cbMTS0bGmqSdEk9/rqFpHHjv8knjGVJZpmejt2wj3bpCTOxRQS AWRgPL+LSajm4le5ZG/+jxhc2bqx1frKIEmddwVVXLOuzvSXd8PE3uCLFwWn0M2l RzooBmr10m4pM408jBHOFziWcUaQFo+hl1OivxlIgmobeiIDdOJWwK1tMuzhjr7n 92cOSVuByrpCl6Yx6GWzjBFfv5L5Wk4jar8R2PXxEt0AzwaYmkbG1w3UQ0qVKhLp /m4r8RHuQQInUoQa9BIT6E7RTgJdpzIYSMExx2ojY2z6no5a7xGcKCPwhhKwh6nD lbfKWoS2yQkBWLFIC3uS6z3G+IIhZGnnmiZFhK9Dh9v6GaEY1pGpSSb7N/axYdnI qtkBrIaMXweuElB5evOT+ngWoxHps1i0mbN4GF6mIZFoINDBr8D8b2EWU44a5Q/J SJvrcrWTZjqWvbjInoexI9mDJfX5atQuKCUVEFbLF8KJtDcvJGDdH8XrZdDPKR4H fw9Flm8x+Rm34p3g+oRV5HEujKgnPq9f2RAAQbK3re7oz02lsPk5t1EvbTig4Hti 9u45RvO9pKVZaOcmBD+eJf/1xtWNXX86N5cTItBNFBWm85dvWcJOVvKR0uhUcq+v RaThHyuHMvUCV46lf252jdw4mgxr5Gy8czNAbo5KUv/YZlg8avs=
=36jD
-----END PGP SIGNATURE-----

--==============h56055212554877522=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaFm9TQAKCRCb9qggYcy5 Ie1TAQCBd0ZjZY1g9v0u0vh3+qi9uZ/1WycuqVQ+IIsR82BhuAD/YR1n8qjoH9Pp +YOG1DHvpGlrW8hnwo1yHw62ab8ifgA�zu
-----END PGP SIGNATURE-----

--==============h56055212554877522==--

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Gretchiie
  Tue Sep 16 05:20:21 2025
  from Derry, Nh via Telnet
- Ginger1
  Mon Sep 15 19:33:54 2025
  from London via SSH
- Bob Worm
  Mon Sep 15 15:42:34 2025
  from Wales, Uk via Telnet
- Gretchiie
  Mon Sep 15 05:16:29 2025
  from Derry, Nh via Telnet
- Fred Blogs
  Mon Sep 15 00:03:12 2025
  from Uk via SSH
- Plume
  Sun Sep 14 09:34:52 2025
  from Uk via Raw
- Gretchiie
  Sun Sep 14 06:07:30 2025
  from Derry, Nh via Telnet
- Thlc
  Sat Sep 13 17:11:34 2025
  from Rognac, France via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	20:52:30
Calls:	10,390
Calls today:	1
Files:	14,061
Messages:	6,416,977

Bug#1107994: marked as done (gdk-pixbuf: CVE-2025-6199) (2/2)

Who's Online

Recent Visitors

System Info