CVE-2017-6311 (was: Re: Accepted gdk-pixbuf 2.36.5-3 (all amd64 i386 source) into experimental, experimental)

[Salvatore Bonaccorso]

Hi Jeremy!

On Mon, Mar 20, 2017 at 01:00:23PM +0000, Jeremy Bicha wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Tue, 14 Mar 2017 16:05:47 +0000
> Source: gdk-pixbuf
> Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb gir1.2-gdkpixbuf-2.0
> Architecture: all amd64 i386 source
> Version: 2.36.5-3
> Distribution: experimental
> Urgency: medium
> Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
> Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
> Description: 
>  gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
>  libgdk-pixbuf2.0-0 - GDK Pixbuf library
>  libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
>  libgdk-pixbuf2.0-bin - GDK Pixbuf library (thumbnailer)
>  libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
>  libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
>  libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
> Changes:
>  gdk-pixbuf (2.36.5-3) experimental; urgency=medium
>  .
>    [ Jeremy Bicha ]
>    * Add new libgdk-pixbuf2.0-bin package to install thumbnailer
>      binary and metadata needed by gnome-desktop 3.23 (LP: #1665602)
>    * Have libgdk-pibxuf2.0-0 recommend libgdk-pixbuf2.0-bin
>    * debian/rules: Change dh_install's --list-missing to --fail-missing to
>      catch this issue sooner next time

I had no time to actually check the done upload, but can you please
double check that with this upload CVE-2017-6311,
https://bugzilla.gnome.org/show_bug.cgi?id=778204 is not opened up?

Regards,
Salvatore