Your message dated Sun, 10 May 2026 18:02:39 +0000
with message-id <[email protected]>
and subject line Bug#1135320: fixed in lcms2 2.16-2+deb13u2
has caused the Debian Bug report #1135320,
regarding lcms2: CVE-2026-42798
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lcms2
Version: 2.17-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for lcms2.

CVE-2026-42798[0]:
| Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer
| overflow in ParseCube in cmscgats.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42798
    https://www.cve.org/CVERecord?id=CVE-2026-42798
[1] https://github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lcms2
Source-Version: 2.16-2+deb13u2
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lcms2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated lcms2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 May 2026 00:01:34 +0200
Source: lcms2
Architecture: source
Version: 2.16-2+deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Thomas Weber <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1135320
Changes:
 lcms2 (2.16-2+deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-42798 (Closes: #1135320)



--- End Message ---
