Your message dated Sat, 04 Jul 2026 15:47:28 +0000
with message-id <[email protected]>
and subject line Bug#1126286: fixed in opencc 1.1.9+ds1-1+deb13u1
has caused the Debian Bug report #1126286,
regarding opencc: CVE-2025-15536
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126286: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126286
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opencc
Version: 1.1.9+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/BYVoid/OpenCC/issues/997
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for opencc.
CVE-2025-15536[0]:
| A weakness has been identified in BYVoid OpenCC up to 1.1.9. This
| vulnerability affects the function opencc::MaxMatchSegmentation of
| the file src/MaxMatchSegmentation.cpp. This manipulation causes
| heap-based buffer overflow. The attack is restricted to local
| execution. The exploit has been made available to the public and
| could be used for attacks. Patch name:
| 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is
| recommended to deploy a patch.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-15536
https://www.cve.org/CVERecord?id=CVE-2025-15536
[1] https://github.com/BYVoid/OpenCC/issues/997
[2] https://github.com/BYVoid/OpenCC/pull/1005
[3]
https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opencc
Source-Version: 1.1.9+ds1-1+deb13u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
opencc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated opencc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jun 2026 19:41:39 +0300
Source: opencc
Architecture: source
Version: 1.1.9+ds1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Input Method Team <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1126286
Changes:
opencc (1.1.9+ds1-1+deb13u1) trixie; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-15536: Out-of-bounds read (Closes: #1126286)
Checksums-Sha1:
960f6bbc7f730a082f97842c5a5b8a1fc15d7169 2996 opencc_1.1.9+ds1-1+deb13u1.dsc
30c1b4fbe53bc89ce0a6519ab6f5735b62013ae6 1027080 opencc_1.1.9+ds1.orig.tar.xz
a5d2797c0444fe5ec30661a22d0b2236640e0631 15568
opencc_1.1.9+ds1-1+deb13u1.debian.tar.xz
Checksums-Sha256:
43c8cd0ddc01cd182996fdb23b118892a1f8080e2a6925ada011da20d700e2d1 2996
opencc_1.1.9+ds1-1+deb13u1.dsc
2870b0af383fb47a899552713d73424ce5d5d9d7cb90e903d817eceac493c6f1 1027080
opencc_1.1.9+ds1.orig.tar.xz
d0599b18db74ba33a08d325438baac4ed5a65fe87de1b9dae18c387d3d4df303 15568
opencc_1.1.9+ds1-1+deb13u1.debian.tar.xz
Files:
520249c68f2b78f029d64bbc723c5d12 2996 libs optional
opencc_1.1.9+ds1-1+deb13u1.dsc
720a33458a963b0976f7db60b2292aa7 1027080 libs optional
opencc_1.1.9+ds1.orig.tar.xz
36cec55e1e92ba68c87210a5d55dc2e3 15568 libs optional
opencc_1.1.9+ds1-1+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmo2zWoACgkQiNJCh6LY
mLFM+A/+LxAJqqeDiyWPPJQOUFdin6yk1j+YiHeu2E30mVHhJPz7MB0fv6lntLYs
cbDbPLhyt2u56veS2tiksrq/XmrNsQJRIa38wHgo9sSaGDh03nIktik1T/8sPWQR
F1+eucn3FenDMtiilC17YAxgmUJdkzDfxXDoFgBRLkS2uHss2HTZnc034di4EwBo
9xef5N7jJUFTLi19CHLQm+IboyzXyH6r/4R+RsrilkclGfp4pQMQD+ca+7LY2r13
IoPD2Dt6NLFKlfgTyT6n0KLFTSbqp2/inmjQtyLS9PCtV1dFak/YcF9fGzbxI+aO
7a0Dfm6UeVqBrpOaDD6OHmvuajhHFbtWBoXr4ZwrBb6z8lOmeeJs5hvG4KKI6i5A
tqS/LdV2E7AXfVGyoBZ3nhFcDiZFIcwiQeGa9QJ7AZIp4KB2H5ZFaX3cGM2t8uPp
VQfLffwwIIn1ypINrTb9tvXiyxOM4f2giCP06DYur/a6q/8Ul8mPmmQQ1kMspZiG
KdUEL+ezOIU8o8ID2M5p+Go0If0LJkwFctfU2Sh5twmO0+S1Sbnx+wOgzn5YTcPU
GwUTBNsZL9wdU0nCMJnQgu1xG+cOqlMxwDaYD1eLQg8bWNjtp2hpTTdOrAYlawUU
HpA8MzhKA5pj2MP4Y0Nf4R/USeRCVkbkbm8up2lSe65mjgYwUYg=
=lIog
-----END PGP SIGNATURE-----
pgpmChCOlNfgq.pgp
Description: PGP signature
--- End Message ---