-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Jun 2024 10:04:29 -0400
Source: gdk-pixbuf
Built-For-Profiles: noudeb
Architecture: source
Version: 2.42.2+dfsg-1+deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Jeremy Bícha <jbicha@ubuntu.com>
Closes: 1071265
Changes:
 gdk-pixbuf (2.42.2+dfsg-1+deb11u2) bullseye; urgency=high
 .
   [ Ian Constantin ]
   * SECURITY UPDATE: heap memory corruption (Closes: #1071265)
     - debian/patches/CVE-2022-48622-*.patch: adds checks for invalid ani files
       to gdk-pixbuf/io-ani.c.
     - tests/tests-images/fail/CVE-2022-48622.ani: test file.
     - debian/source/include-binaries: including binary test file.
     - CVE-2022-48622
Checksums-Sha1:
 cfc23b188d7ec2575db38c8b9c7c3e4410a2ca59 3186 gdk-pixbuf_2.42.2+dfsg-1+deb11u2.dsc
 b1b9c253c8a28225213703e8678562219501c902 37484 gdk-pixbuf_2.42.2+dfsg-1+deb11u2.debian.tar.xz
 d446c69706d4194d70cf675b1bcfe48b86eae051 12737 gdk-pixbuf_2.42.2+dfsg-1+deb11u2_source.buildinfo
Checksums-Sha256:
 75494c6db3917a144438ad1b084300e84a1f6ed7f38c354bee9200b2ce44a1eb 3186 gdk-pixbuf_2.42.2+dfsg-1+deb11u2.dsc
 45a5a344bc44deea1a6daf3131b070c38af6645759f787f9ab87e9e9f318da93 37484 gdk-pixbuf_2.42.2+dfsg-1+deb11u2.debian.tar.xz
 f36e2f7423662a20c787c6f24121cbab42eef64b62fe62c728091325697266a0 12737 gdk-pixbuf_2.42.2+dfsg-1+deb11u2_source.buildinfo
Files:
 7742874090ed26230bcdab41c890e661 3186 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u2.dsc
 1e3f77a6fd642205d1b07b099ed591cc 37484 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u2.debian.tar.xz
 5c46177922999d850152fc5181b2c043 12737 libs optional gdk-pixbuf_2.42.2+dfsg-1+deb11u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmZ23K0ACgkQ5mx3Wuv+
bH3c7Q/+KksVc161WNOjv5Vp5A5Pgx5nPTLhZ1+m4oU8a3uoRzrxQKBCh2sDmdOa
kxjBl8TXudnCSTtC1LNYRNFpikp/y8bnq2PPo/zJKZKNaYJe2+bpgiP4AwcKqZu1
hXzFyHplPBgcEE7viMyr17i9SaqYLf6NYSMEW+62RpRo0jqZ59w2Lie+vFLCsHCr
9kyt5ExOJJIau/0Xkde//v5w7VsAlRHSQki7PBxsjnNbTYTxomrfO87//5mK8WjP
Zg+HqN/Rll/PLdX9+NEp4kWKdiArEdRAEMJASS34xPwcj6vq0IeiaY/+eO19QvKe
2CrJoyBNo17JaicWLKU7EX+8dImYR1ZMxfQ4BH9TsNFdfiRe32CxEGOKNJ+NNzV7
d2lecj2CyI9HeIf9LDw+2XuEzigXWoieAwSBTvmsayqYm8a0+1CNwVZtVDkJ6Si7
yllGGNPT6W1NdiHcMUA6nev8x0TQSI5N4aRdkA6R5UyjApOOqmba73Lg97hLN3oc
yQ6Wic10qD1QjxrvN5MDXKGpyrbAKHhIvzz+YuCUhwWcUIxJZYncUbbHNc60FpqC
SAIUvuicV2X5phjXbowCNNuzmkZN8JJwHrlQyvLI0rPWd3rhLiTygZQ3keLbY8aZ
CQGHxl+93c79e1k2Y3bZRDoTvvdoRBTpAMmQE8mIMn7uVjvludI=
=C8Xl
-----END PGP SIGNATURE-----