Several security upgrades have been rolled out to Debian GNU/Linux Extended LTS, including ELA-1200-1 libgsf, ELA-1201-1 gtk+3.0, and ELA-1202-1 gtk+2.0:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1202-1 gtk+2.0 security update
ELA-1201-1 gtk+3.0 security update

Debian GNU/Linux 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1200-1 libgsf security update

ELA-1202-1 gtk+2.0 security update

Package : gtk+2.0
Version : 2.24.25-3+deb8u3 (jessie), 2.24.31-2+deb9u1 (stretch), 2.24.32-3+deb10u1 (buster)

Related CVEs :
CVE-2024-6655

Modules were also searched in the current working directory in the GNOME toolkit gtk+2.0, allowing library injection.

ELA-1202-1 gtk+2.0 security update

ELA-1201-1 gtk+3.0 security update

Package : gtk+3.0
Version : 3.14.5-1+deb8u2 (jessie), 3.22.11-1+deb9u1 (stretch), 3.24.5-1+deb10u1 (buster)

Related CVEs :
CVE-2024-6655

Modules were also searched in the current working directory in the GNOME toolkit gtk+3.0, allowing library injection.

ELA-1201-1 gtk+3.0 security update

ELA-1200-1 libgsf security update

Package : libgsf
Version : 1.14.41-1+deb9u1 (stretch), 1.14.45-1+deb10u1 (buster)

Related CVEs :
CVE-2024-36474
CVE-2024-42415

Integer overflows have been fixed in libgsf, the GNOME Project G Structured File Library.

CVE-2024-36474
directory integer overflow

CVE-2024-42415
sector allocation table integer overflow

ELA-1200-1 libgsf security update