openSUSE has issued an advisory on January 12: https://lists.opensuse.org/opensuse-updates/2019-01/msg00031.html Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers.
Assignee: bugsquad => pkg-bugsCC: (none) => geiger.david68210, mageia, marja11, olav
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. (CVE-2018-18718) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18718 https://lists.opensuse.org/opensuse-updates/2019-01/msg00031.html ======================== Updated packages in core/updates_testing: ======================== gthumb-3.4.5-2.1.mga6 gthumb-devel-3.4.5-2.1.mga6 from SRPMS: gthumb-3.4.5-2.1.mga6.src.rpm
CVE: (none) => CVE-2018-18718Version: Cauldron => 6Source RPM: gthumb-3.6.2-2.mga7.src.rpm => gthumb-3.4.5-2.mga6.src.rpmWhiteboard: MGA6TOO => (none)CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugs
Mageia 6, x86_64 Tried this before and after updates. Slideshow mode for current directory. $ gthumb -s Works fine - shows first frame of animated gifs during the sequence. Current directory. $ gthumb Surprisingly, it acts as a video player for some MKV files. This directory contained two. One worked as a video, the other did not. All images shown as thumbnails. Selecting and animated gif sets the gif running. Thumbnail menu of specified directory. $ gthumb Pictures Selected image can be scaled in three ways. Properties can be viewed, meta-data, colour profile. Images can be tagged and descriptions or comments attached. Some image editing options are provided. Rotation requests may trigger warnings about distortions (e.g. if image sizes are not multiples of 8). Looks like it is working as designed. OK for 64-bits.
Whiteboard: (none) => MGA6-64-OKCC: (none) => tarazed25
Rapid work, Len: cleared same day! Validating, advisory from c2.
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0039.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED