Your message dated Tue, 30 Jun 2026 18:17:09 +0000
with message-id <[email protected]>
and subject line Bug#1140003: fixed in openslide 3.4.1+dfsg-7+deb13u1
has caused the Debian Bug report #1140003,
regarding openslide: CVE-2026-48977
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1140003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140003
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openslide
Version: 3.4.1+dfsg-7
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for openslide.

CVE-2026-48977[0]:
| Arbitrary memory write with crafted Ventana BIF file

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-48977
    https://www.cve.org/CVERecord?id=CVE-2026-48977
[1] 
https://github.com/openslide/openslide/security/advisories/GHSA-mxg2-48g7-fmwc

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openslide
Source-Version: 3.4.1+dfsg-7+deb13u1
Done: Étienne Mollier <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openslide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated openslide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Jun 2026 19:17:44 +0200
Source: openslide
Architecture: source
Version: 3.4.1+dfsg-7+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Med Packaging Team 
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1140003
Changes:
 openslide (3.4.1+dfsg-7+deb13u1) trixie; urgency=medium
 .
   * CVE-2026-48977.patch: new: fix CVE-2026-48977.
     The change lacks attempt to apply the test case, because the binary
     representation of a newly introduced test file is not possible in the
     patch. (Closes: #1140003)
Checksums-Sha1:
 b75028c1e55bb8d671568e816efe47464db56f3d 2754 
openslide_3.4.1+dfsg-7+deb13u1.dsc
 1026faecb6bdb50ebdd242e1ab25c94091cf0cd0 20368 
openslide_3.4.1+dfsg-7+deb13u1.debian.tar.xz
Checksums-Sha256:
 c3b25c6ea97ecfcaff5ce28a76586ac1a3239162387b23c3de0b857fa7621650 2754 
openslide_3.4.1+dfsg-7+deb13u1.dsc
 b9fade4b8151c74315ab72ece5b13fefae39dafc7e6c51c58ebf1f1aa5c8aad2 20368 
openslide_3.4.1+dfsg-7+deb13u1.debian.tar.xz
Files:
 f7e835e84e8e3dda11f21fd45d5a9d71 2754 libs optional 
openslide_3.4.1+dfsg-7+deb13u1.dsc
 97e259c6293febc2d7a3de7a38d238d6 20368 libs optional 
openslide_3.4.1+dfsg-7+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmpDXoQUHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdrXJw/+PiSO38eadEJrXwm62yREOGPI4FRQ
GlGJWyZWDOdojab5vZOmQh6U6YaD9dFvs+IJWDTMxyNy7wHBddZoLvWhnmNZNjVI
3phY5bDVnZeuocnMfZuZeljc/CNNiJ97+BCYiiDZ2f84/S8TviS8gfWZaVqndk4B
fINn0Lh8GNvtCNiGsV9vcmxhjWoTuIyFqmPMhKV1JvTTMjLbNXfobx37/Hfd7foS
PXDlhnc8sU7diZF46+u4wWVRehqIVgQSLL4mnmIV5II5mjpAZsugsHcsTYNyXiHB
MJgdszRXK/4a3BHhSoXeC2RR+qc61D7EskGHiy65rqoeWL1cE3pOWItEr452Irjj
o0qb1M5UauQHDqnzXfVbMYazeIB0Gc9qmeT0sGeZNbgdSNcAYMvadW+/u5I2iT5u
reguQVeu8L/VIOubdKHi/59ZW3C0NTAXOcjEByycTHhuK9lkODpogS+HDyx8b9Dz
ffybpEYtaNf7Q6osU6lJX8zycM6dsSqd6Uk1xmgh7QR909vD+7CbT2HaECTEfMdm
i5uHkb9kvqSRusgq5/M/kpNXfn3dvPQbFgdPYoJ4JR2/WT3n8znIyTpA/oKyVhVX
oiibFkVw1rg6q7FEntrHQIHj/k9xH65kE27CCj9pVlo2cAHh5E0CKemv12Bfcm7z
gTl9sjHtUuhsiuw=
=1aNZ
-----END PGP SIGNATURE-----

Attachment: pgp5xEOef30kY.pgp
Description: PGP signature


--- End Message ---

Reply via email to