1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1105883: marked as done (libavif: CVE-2025-48175) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Fri May 30 22:00:02 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1uL5iI-00B76n-Qs; Fri, 30 May 2025 19:48:22 +0000
    From: Debian FTP Masters <[email protected]>
    Reply-To: Salvatore Bonaccorso <[email protected]>
    To: [email protected]
    X-DAK: dak process-policy
    X-Debian: DAK
    X-Debian-Package: libavif
    Debian: DAK
    Debian-Changes: libavif_0.11.1-1+deb12u1_sourceonly.changes
    Debian-Source: libavif
    Debian-Version: 0.11.1-1+deb12u1
    Debian-Architecture: source
    Debian-Suite: proposed-updates
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1105883: fixed in libavif 0.11.1-1+deb12u1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============0144416026130514841=="
    Message-Id: <[email protected]>
    Date: Fri, 30 May 2025 19:48:22 +0000

    --===============0144416026130514841==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: libavif
    Source-Version: 0.11.1-1+deb12u1
    Done: Salvatore Bonaccorso <[email protected]>

    We believe that the bug you reported is fixed in the latest version of
    libavif, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to [email protected],
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Salvatore Bonaccorso <[email protected]> (supplier of updated libavif package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing [email protected])


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 25 May 2025 17:51:18 +0200
    Source: libavif
    Architecture: source
    Version: 0.11.1-1+deb12u1
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian Multimedia Maintainers <[email protected]> Changed-By: Salvatore Bonaccorso <[email protected]>
    Closes: 1105883 1105885
    Changes:
    libavif (0.11.1-1+deb12u1) bookworm-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * Add integer overflow checks to makeRoom (CVE-2025-48174)
    (Closes: #1105885)
    * Avoid integer overflow in (32-bit) int or unsigned int arithmetic
    operations (CVE-2025-48175) (Closes: #1105883)
    Checksums-Sha1:
    d59f31c294e5344e6247f37a49dfd5b31fb4989e 2763 libavif_0.11.1-1+deb12u1.dsc
    5d9b62d2853cba9d4adef1d4f217b67741e07d94 5826813 libavif_0.11.1.orig.tar.gz
    5662e96cf71fb4beb6822e064cff910e55832895 7608 libavif_0.11.1-1+deb12u1.debian.tar.xz
    Checksums-Sha256:
    87b4faee8aba6052663493f484f7b58754f727fdc33024e5bbb6e821f5de58bd 2763 libavif_0.11.1-1+deb12u1.dsc
    0eb49965562a0e5e5de58389650d434cff32af84c34185b6c9b7b2fccae06d4e 5826813 libavif_0.11.1.orig.tar.gz
    1c8169da17c31882c0e008e661152bbb697ff49c97fd94a9565a5053cd72c21c 7608 libavif_0.11.1-1+deb12u1.debian.tar.xz
    Files:
    3870586659ec661c7a2ec96061efbe1d 2763 libs optional libavif_0.11.1-1+deb12u1.dsc
    dde524dfc0e0e37a468277b128662990 5826813 libs optional libavif_0.11.1.orig.tar.gz
    011ba4479544a620de35ab083f81afd9 7608 libs optional libavif_0.11.1-1+deb12u1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgzPplfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUpEQAJjmFIlu09m0vds2/ejvc9CZr0DZPb60 VegtHPlAo+eF57XR+Ojz7uQRs7/xF8LHzDC+r4/HEzcWLjeIwqe4mh3yLisb03Ae fPrZcI4Xyd/cZ3jFQBFpg2/9BfFifnKExRy2UO3pu7x1ZFqYzwzic+2tnQRflcE4 w2ziW2tu2UJRkM1FPmmWfEdoCccxVtn9dorTrsmhrQBarP6jpfjyWTczwyfioyEn i9fGnJpcnpigmc0uFUr/uQxPmILGNJ4qxzgcf+jRQ/y7LedeZ7uYGJjTu4ljRqoJ HLzCcpsKVQwx7lqY5RkQPdARs2Z1wwz13hNMHriZGVQusD6Z++CtVTEBzDUiLD5m gJiJmaePXXGKlApRmygKEZpZP4mDSmfp0uYvT//UuGWtuL/Invx4nQlTqSI8qEgy b5nX+KZ3EsT7RERnXgpTkmWVUAH/ejaV+c2YxkihVikiudpURinYcFmSu35L2hsq /fZbyIcUHUeyShW6n4U7PoUTa5eogjoOTYL1IKstluOi917b3obc9VoQoC9xeJxj +SqEoO3wKvBAngDNXzwmh+256nhMRbCEnnYdCM3XBg5gW76kfN5C2WL1+Km+gBcD MaTUh9qoZc7ZSJDJ2sF9+0VBt1tV2WGv4PJ5+ZofvxQRm7cckiTitwXLRwHVsQZQ
    ZyoufXH3uNg6
    =fffy
    -----END PGP SIGNATURE-----


    --==============@44416026130514841=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaDoLhgAKCRCb9qggYcy5 IWkHAP0Wj9JArX7lr2oofkvUKEfkvnNZhuwPJaXJF1ZHHXNf1QD+NWeuTN6g2KD0 qKtMK/3lHzpCxh+FSnJM3VmqXaybmAQ=SU7L
    -----END PGP SIGNATURE-----

    --==============@44416026130514841==--

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)