Your message dated Mon, 08 Jun 2026 16:20:27 +0000
with message-id <[email protected]>
and subject line Bug#1032670: fixed in allegro4.4 2:4.4.3.1-8
has caused the Debian Bug report #1032670,
regarding allegro4.4: CVE-2021-36489
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1032670: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032670
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: allegro4.4
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for allegro4.4.
CVE-2021-36489[0]:
| Buffer Overflow vulnerability in Allegro through 5.2.6 allows
| attackers to cause a denial of service via crafted PCX/TGA/BMP files
| to allegro_image addon.
https://github.com/liballeg/allegro5/issues/1251
https://github.com/liballeg/allegro5/pull/1253
These fixes landed in Allegro 5.2.8.0:
https://github.com/liballeg/allegro5/commit/3f2dbd494241774d33aaf83910fd05b2a590604a (5.2.8.0)
https://github.com/liballeg/allegro5/commit/cca179bc16827f358153060cd10ac73d394e758c (5.2.8.0)
https://github.com/liballeg/allegro5/commit/a2c93939f6997a96ecac1865dbb4fa3f66b5e1b7 (5.2.8.0)
https://github.com/liballeg/allegro5/commit/0294e28e6135292eab4b2916a7d2223b1bb6843e (5.2.8.0)
In allegro 4.4, code is in src/[pcx|tga].c instead.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-36489
https://www.cve.org/CVERecord?id=CVE-2021-36489
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: allegro4.4
Source-Version: 2:4.4.3.1-8
Done: Sébastien Noel <[email protected]>
We believe that the bug you reported is fixed in the latest version of
allegro4.4, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sébastien Noel <[email protected]> (supplier of updated allegro4.4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Jun 2026 17:14:52 +0200
Source: allegro4.4
Architecture: source
Version: 2:4.4.3.1-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <[email protected]>
Changed-By: Sébastien Noel <[email protected]>
Closes: 1032670
Changes:
allegro4.4 (2:4.4.3.1-8) unstable; urgency=medium
.
* Team upload
* Cherry-pick upstream patches to fix CVE-2021-36489 (Closes: #1032670)
* Bump debhelper compat level to 13
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---