Your message dated Thu, 07 May 2026 23:03:06 +0000
with message-id <[email protected]>
and subject line Bug#1135320: fixed in lcms2 2.19.1-1
has caused the Debian Bug report #1135320,
regarding lcms2: CVE-2026-42798
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lcms2
Version: 2.17-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for lcms2.
CVE-2026-42798[0]:
| Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer
| overflow in ParseCube in cmscgats.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-42798
https://www.cve.org/CVERecord?id=CVE-2026-42798
[1] https://github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lcms2
Source-Version: 2.19.1-1
Done: Thomas Weber <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lcms2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Weber <[email protected]> (supplier of updated lcms2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 May 2026 23:33:40 +0200
Source: lcms2
Architecture: source
Version: 2.19.1-1
Distribution: unstable
Urgency: medium
Maintainer: Thomas Weber <[email protected]>
Changed-By: Thomas Weber <[email protected]>
Closes: 1134335 1135320
Changes:
 lcms2 (2.19.1-1) unstable; urgency=medium
 .
   * New upstream version 2.19.1
     - CVE-2026-41254: integer overflow in CubeSize() (Closes: #1134335)
     - CVE-2026-42798: integer overflow in ParseCube() (Closes: #1135320)
   * Refresh patches
   * Remove patches (applied upstream):
     - 0001-Fix-integer-overflow-in-CubeSize.patch
     - 0002-check-for-overflow.patch
   * Update doc-base files for new 2.19 upstream version
   * Bump standards version to 4.7.4, no changes needed
   * Update symbols file
   * Move from pkg-config to pkgconf in the testsuite.
     Thanks to Lintian
   * Acknowledge NMU
     Thanks to Adrian Bunk <[email protected]>
--- End Message ---