Your message dated Tue, 20 Jan 2026 10:17:57 +0000
with message-id <[email protected]>
and subject line Bug#1125674: fixed in libsndfile 1.2.2-4
has caused the Debian Bug report #1125674,
regarding libsndfile: CVE-2025-56226
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125674
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libsndfile
Version: 1.2.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libsndfile/libsndfile/issues/1089
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for libsndfile.

CVE-2025-56226[0]:
| Libsndfile <=1.2.2 contains a memory leak vulnerability in the
| mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-56226
    https://www.cve.org/CVERecord?id=CVE-2025-56226
[1] https://github.com/libsndfile/libsndfile/issues/1089

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libsndfile
Source-Version: 1.2.2-4
Done: Fabian Greffrath <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libsndfile, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Greffrath <[email protected]> (supplier of updated libsndfile package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Jan 2026 08:20:22 +0100
Source: libsndfile
Architecture: source
Version: 1.2.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Fabian Greffrath <[email protected]>
Closes: 1125674
Changes:
libsndfile (1.2.2-4) unstable; urgency=medium
.
* Backport upstream patches to fix memory leaks in mpeg_l3_encode.c
and sndfile-convert.c (Closes: #1125674, CVE-2025-56226)
* Add patch to disable "sdlcomp_test_short opus"
(https://github.com/libsndfile/libsndfile/issues/1107)
--- End Message ---