Package: libgdk-pixbuf2.0-bin
Severity: serious
Version: 2.36.5-3
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=778204

gnome-desktop3 3.24 dropped its thumbnailer code to use gdk-pixbuf's. Therefore, the Debian GNOME team is introducing gdk-pixbuf's thumbnailer into Debian after stretch.

The following vulnerability was published for gdk-pixbuf.

CVE-2017-6311[0]: gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

There is no patch upstream yet.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6311
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311

I am setting this bug severity to serious so that we won't accidentally have this migrate to testing until someone looks into this more.

Thank you,
Jeremy Bicha