Hi Étienne,

On Sun, Jun 14, 2026 at 08:05:50PM +0200, Étienne Mollier wrote:
> Control: found -1 3.4.1+dfsg-6
> Control: fixed -1 3.4.1+dfsg-9
>
> Hi Salvatore and the Security Team,
>
> Thank you for the notification, the fix (hopefully correct this
> time) should make it to Debian unstable soon, and then forky in
> a couple of days. I have proceeded to an urgency=high upload of
> openslide 3.4.1+dfsg-9 this time. I saw preparatory work for a
> version 4.0.0 in Salsa, but that was unfinished work and I was
> unsure of the blockers, so I favored a targeted fix for now.
>
> trixie and bookworm are running the same 3.4.1 upstream version
> (3.4.1+dfsg-7 and 3.4.1+dfsg-6 packaging iterations
> respectively), so I have begun wrapping up an eventual security
> upload for stable and oldstable. You will find the debdiffs in
> attachment.
>
> I have problems testing the fix for myself. The test suite in
> the package currently does not trigger, in addition to issues
> with inlining binaries in quilt patches. This is how I tripped
> on the carpet with the return NULL vs goto FAIL in the patch.
> Otherwise, I assume this would have been caught by the test case
> added along upstream commit 2be88bd. :( Thankfully, as you
> might have witnessed, upstream has been very reactive to
> pinpoint issues and provide proper corrections. :) I have
> reviewed the way the function parse_level0_xml evolved between
> 3.4.1 and 4.0.0 and I agree that the correction was needed.
>
> With these elements, should I go ahead with upload to
> trixie-security and to bookworm-security?

Sorry for the late followup, there was/is some backlog and openslide
was not topmost on the radar. I still think openslide would be a good
candidate for the point releases (which are approaching, rather than a
dedicated security update).

Regards,
Salvatore

