Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libsndfile
User: [email protected]
Usertags: pu
Low severity security issue in libsndfile; all tests in debusine
passed fine. Debdiff below.
Cheers,
Moritz
diff -Nru libsndfile-1.2.2/debian/changelog libsndfile-1.2.2/debian/changelog
--- libsndfile-1.2.2/debian/changelog 2024-12-14 13:50:37.000000000 +0100
+++ libsndfile-1.2.2/debian/changelog 2026-03-04 20:48:11.000000000 +0100
@@ -1,3 +1,9 @@
+libsndfile (1.2.2-2+deb13u1) trixie; urgency=medium
+
+ * CVE-2025-56226 (Closes: #1125674)
+
+ -- Moritz Mühlenhoff <[email protected]> Wed, 04 Mar 2026 20:48:11 +0100
+
libsndfile (1.2.2-2) unstable; urgency=high
[ Fabian Toepfer ]
diff -Nru libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch
libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch
--- libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch 1970-01-01
01:00:00.000000000 +0100
+++ libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch 2026-03-04
20:48:08.000000000 +0100
@@ -0,0 +1,25 @@
+From d9a35ea0d5c64c19dd635ae578e0028df8f66d6a Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <[email protected]>
+Date: Fri, 11 Jul 2025 15:14:48 +0800
+Subject: [PATCH] Update mpeg_l3_encode.c
+
+--- libsndfile-1.2.2.orig/src/mpeg_l3_encode.c
++++ libsndfile-1.2.2/src/mpeg_l3_encode.c
+@@ -87,7 +87,8 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, i
+ if (! (pmpeg->lamef = lame_init ()))
+ return SFE_MALLOC_FAILED ;
+
+- pmpeg->compression = -1.0 ; /* Unset */
++ psf->codec_close = mpeg_l3_encoder_close ; /* Set
psf->codec_close early*/
++ pmpeg->compression = -1.0 ; /* Unset */
+
+ lame_set_in_samplerate (pmpeg->lamef, psf->sf.samplerate) ;
+ lame_set_num_channels (pmpeg->lamef, psf->sf.channels) ;
+@@ -115,7 +116,6 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, i
+ }
+
+ psf->sf.seekable = 0 ;
+- psf->codec_close = mpeg_l3_encoder_close ;
+ psf->byterate = mpeg_l3_encoder_byterate ;
+ psf->datalength = 0 ;
+
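Review bot: Assigning `psf->codec_close` directly after lame_init() in the first embedded hunk means the close handler may now run on an encoder state that is only partly set up if a later step in mpeg_l3_encoder_init fails. mpeg_l3_encoder_close is not shown on this page, so it is worth confirming that it tolerates fields that were never assigned. The new comment `/* Set psf->codec_close early*/` restates the code; a why-comment such as `/* Install the close handler before any later error return so lamef is released on failure */` would stop a later cleanup from moving the line back. The function body starts and ends outside both embedded hunks. The patch header also has no DEP-3 fields; a short `Description:` line and `Bug-Debian: https://bugs.debian.org/1125674` would tie the file to the changelog entry.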
diff -Nru libsndfile-1.2.2/debian/patches/series
libsndfile-1.2.2/debian/patches/series
--- libsndfile-1.2.2/debian/patches/series 2024-12-14 13:50:32.000000000
+0100
+++ libsndfile-1.2.2/debian/patches/series 2026-03-04 20:47:56.000000000
+0100
@@ -13,3 +13,4 @@
CVE-2022-33065/CVE-2022-33065-12.patch
CVE-2022-33065/CVE-2022-33065-13.patch
0039-src-ogg-better-error-checking-for-vorbis.-Fixes-1035.patch
+CVE-2025-56226.patch