From ${URL} :

An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

Upstream patch: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5

References: https://secunia.com/secunia_research/2016-17/

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Bug 587010 isn't a strict dependency here, I don't think. The changes are minimal and a newer libgsf can be stabled independently, even if the previous stable for an arch is only 1.14.34 by the looks of it. Thoman already rushed and edited the atoms in the gnome-3.20 bug, but that's fine to keep - those that haven't done it yet, can then skip 1.14.40 automatically. Please stable =gnome-extra/libgsf-1.14.41
amd64 stable
x86 stable
sparc stable
arm stable
ppc stable
Stable on alpha.
ia64 stable
ppc64 stable
Stable for HPPA.
GLSA Vote: No
@ Maintainer(s): Please clean up and drop <gnome-extra/libgsf-1.14.41!
cleanup done