Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libsixel for openSUSE:Factory checked in at 2025-09-05 21:44:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsixel (Old)
 and /work/SRC/openSUSE:Factory/.libsixel.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsixel" Fri Sep 5 21:44:29 2025 rev:3 rq:1302932 version:1.10.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libsixel/libsixel.changes 2025-03-07 16:47:56.811924491 +0100 +++ /work/SRC/openSUSE:Factory/.libsixel.new.1977/libsixel.changes 2025-09-05 21:45:02.709021775 +0200 @@ -1,0 +2,6 @@ +Fri Sep 5 12:46:55 UTC 2025 - Dirk Müller <[email protected]> + +- add 0001-Fix-a-heap-buffer-overflow-problem-reported-by-err2z.patch + (bsc#1248454, CVE-2025-9300) + +------------------------------------------------------------------- New: ---- 0001-Fix-a-heap-buffer-overflow-problem-reported-by-err2z.patch ----------(New B)---------- New: - add 0001-Fix-a-heap-buffer-overflow-problem-reported-by-err2z.patch (bsc#1248454, CVE-2025-9300) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsixel.spec ++++++ --- /var/tmp/diff_new_pack.ONFxjR/_old 2025-09-05 21:45:03.297046517 +0200 +++ /var/tmp/diff_new_pack.ONFxjR/_new 2025-09-05 21:45:03.301046686 +0200 @@ -1,7 +1,7 @@ # # spec file for package libsixel # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ URL: https://github.com/libsixel/libsixel Source: https://github.com/libsixel/libsixel/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: meson.patch +# CVE-2025-9300 +Patch1: 0001-Fix-a-heap-buffer-overflow-problem-reported-by-err2z.patch BuildRequires: bash BuildRequires: meson BuildRequires: pkgconfig ++++++ 0001-Fix-a-heap-buffer-overflow-problem-reported-by-err2z.patch ++++++ >From 316c086e79d66b62c0c4bc66229ee894e4fdb7d1 Mon Sep 17 00:00:00 2001 From: Hayaki Saito <[email protected]> Date: Tue, 12 Aug 2025 21:30:24 +0900 Subject: [PATCH] Fix a heap-buffer-overflow problem reported by @err2zero 
--- a/src/encoder.c +++ b/src/encoder.c @@ -744,9 +744,9 @@ sixel_debug_print_palette( fprintf(stderr, "palette:\n"); for (i = 0; i < sixel_dither_get_num_of_palette_colors(dither); ++i) { fprintf(stderr, "%d: #%02x%02x%02x\n", i, + palette[i * 3 + 0], palette[i * 3 + 1], - palette[i * 3 + 2], - palette[i * 3 + 3]); + palette[i * 3 + 2]); } }
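
Review bot: In the libsixel.spec hunk at Patch1, the comment above the new patch line carries only the CVE id, while the changelog entry also cites bsc#1248454 and the patch header names upstream commit 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Put the bug reference and the upstream commit in that comment so the origin of the patch can be traced from the spec file alone. The hunk also shows only the Patch1 declaration, so check that the %prep section, which is not visible here, actually applies it.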
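
Review bot: In the src/encoder.c hunk, the corrected reads palette[i * 3 + 0] through palette[i * 3 + 2] in sixel_debug_print_palette are in bounds only if palette holds at least 3 bytes for each of the sixel_dither_get_num_of_palette_colors(dither) entries, and nothing in the visible lines states or checks that. With exactly 3 bytes per color, the removed palette[i * 3 + 3] read one byte past the end on the last iteration and printed shifted channels for every entry, so the invariant deserves a short comment next to the loop. The color count could also be read once into a local before the loop rather than calling the getter in the loop condition, which ties the bound to a single value, and a test that runs this debug print with a full palette under a memory-error checker would keep the index arithmetic from regressing.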
