Publishing details

• Published on 2019-09-07

Changelog

gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium

  * debian/patches/
    - cve-2018-18718.patch file (Closes: #912290)
      CVE-2018-18718 - CWE-415: Double Free
      The product calls free() twice on the same memory address, potentially
      leading to modification of unexpected memory locations.

      There is a suspected double-free bug with
      static void add_themes_from_dir() dlg-contact-sheet.c. This method
      involves two successive calls of g_free(buffer) (line 354 and 373),
      and is likely to cause double-free of the buffer. One possible fix
      could be directly assigning the buffer to NULL after the first call
      of g_free(buffer). Thanks Tianjun Wu
      https://gitlab.gnome.org/GNOME/gthumb/issues/18

 -- Herbert Parentes Fortes Neto <email address hidden>  Thu, 18 Jul 2019 16:57:48 -0300

Builds

Package files

• gthumb_3.4.4.1-5+deb9u1.debian.tar.xz (31.3 KiB)
• gthumb_3.4.4.1-5+deb9u1.dsc (2.6 KiB)
• gthumb_3.4.4.1.orig.tar.xz (3.3 MiB)