Your message dated Sun, 10 May 2026 16:33:17 +0000
with message-id <[email protected]>
and subject line Bug#1131147: fixed in kissfft 131.1.0-4.1~deb13u1
has caused the Debian Bug report #1131147,
regarding kissfft: CVE-2025-34297
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1131147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kissfft
Version: 131.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/mborgerding/kissfft/issues/120
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for kissfft.

CVE-2025-34297[0]:
| KissFFT versions prior to the fix commit 1b083165 contain an integer
| overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t
| is 32-bit. The nfft parameter is not validated before being used in
| a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can
| wrap to a small value when nfft is large. As a result, malloc()
| allocates an undersized buffer and the subsequent twiddle-factor
| initialization loop writes nfft elements, causing a heap buffer
| overflow. This vulnerability only affects 32-bit architectures.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-34297
    https://www.cve.org/CVERecord?id=CVE-2025-34297
[1] https://github.com/mborgerding/kissfft/issues/120
[2] https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3

Regards,
Salvatore

--- End Message ---
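
The size wrap described in the CVE text above, as an added example that is not part of the original report or of the kissfft source. A 32-bit size_t is modelled with uint32_t so the arithmetic reproduces on any host; the 8-byte element size (two 32-bit floats), the function names and the checked variant are assumptions for illustration, not the upstream fix commit.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: kiss_fft_cpx is a pair of 32-bit floats, i.e. 8 bytes. */
#define CPX_SIZE 8u

/* The size term from the CVE text, sizeof(kiss_fft_cpx) * (nfft - 1),
 * evaluated the way a platform with a 32-bit size_t evaluates it. */
uint32_t twiddle_bytes_wrapping(int nfft)
{
    return CPX_SIZE * ((uint32_t)nfft - 1u);
}

/* Bytes the twiddle initialisation loop touches: nfft elements. */
uint64_t twiddle_bytes_written(int nfft)
{
    return (uint64_t)CPX_SIZE * (uint64_t)nfft;
}

/* Illustrative guard (hypothetical, not the upstream patch): reject
 * non-positive nfft and any size that does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on rejection. */
int twiddle_bytes_checked(int nfft, uint32_t *out)
{
    if (nfft <= 0)
        return -1;
    uint64_t need = (uint64_t)CPX_SIZE * ((uint64_t)nfft - 1u);
    if (need > UINT32_MAX)
        return -1;
    *out = (uint32_t)need;
    return 0;
}

int main(void)
{
    /* Constructed sample values: one ordinary size, one that wraps. */
    int samples[] = { 1024, 0x20000002 };
    for (int i = 0; i < 2; i++) {
        uint32_t ok = 0;
        int rc = twiddle_bytes_checked(samples[i], &ok);
        printf("nfft=%d wrapped=%u written=%llu checked=%s\n",
               samples[i], twiddle_bytes_wrapping(samples[i]),
               (unsigned long long)twiddle_bytes_written(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

For the constructed value nfft = 0x20000002 the wrapped size is 8 bytes while the loop covers more than 4 GiB, which is the mismatch between allocation and write that the advisory describes.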
--- Begin Message ---
Source: kissfft
Source-Version: 131.1.0-4.1~deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
kissfft, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated kissfft package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 May 2026 17:31:44 +0300
Source: kissfft
Architecture: source
Version: 131.1.0-4.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1131147 1134493
Changes:
 kissfft (131.1.0-4.1~deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for trixie.
     - Drop the CMake 4 fix.
 .
 kissfft (131.1.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-34297: Integer Overflow on 32-bit Systems
     (Closes: #1131147)
   * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
     (Closes: #1134493)
 .
 kissfft (131.1.0-4) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Vasyl Gello ]
   * Fix lintian warnings
 .
   [ Dylan Aïssi ]
   * Cherry-pick upstream patch to improve compatibility with cmake 4
   * Update debian/salsa-ci.yml
   * Switch Build-Dep from pkg-config to pkgconf
   * Standards-Version: 4.7.2 (routine-update)



--- End Message ---
