Your message dated Sat, 30 May 2026 11:20:08 +0000
with message-id <[email protected]>
and subject line Bug#1136952: fixed in libcaca 0.99.beta20-7
has caused the Debian Bug report #1136952,
regarding libcaca: CVE-2026-42046
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1136952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcaca
Version: 0.99.beta20-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/cacalabs/libcaca/issues/86
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libcaca.

CVE-2026-42046[0]:
| libcaca is a colour ASCII art library. In 0.99.beta20 and earlier,
| an integer overflow vulnerability in libcaca's canvas import
| functionality allows an attacker to cause a controlled heap out-of-
| bounds write (heap overflow) by supplying a crafted file in the
| "caca" format. Depending on the build configuration and memory
| allocator, this may lead to memory corruption or remote code
| execution. This is the same vulnerability as CVE-2021-3410 but the
| fix at that time was not fully correct. Commit
| fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42046
    https://www.cve.org/CVERecord?id=CVE-2026-42046
[1] https://github.com/cacalabs/libcaca/issues/86
[2] https://github.com/cacalabs/libcaca/security/advisories/GHSA-4vvg-vrqv-m56w
[3] https://github.com/cacalabs/libcaca/commit/fb77acff9ba6bb01d53940da34fb10f20b156a23

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libcaca
Source-Version: 0.99.beta20-7
Done: Sebastian Ramacher <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libcaca, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <[email protected]> (supplier of updated libcaca package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 May 2026 13:00:01 +0200
Source: libcaca
Architecture: source
Version: 0.99.beta20-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Sebastian Ramacher <[email protected]>
Closes: 1136952
Changes:
 libcaca (0.99.beta20-7) unstable; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Prevent undefined behaviour in overflow check (CVE-2026-42046)
     (Closes: #1136952)
 .
   [ Sebastian Ramacher ]
   * debian/control:
     - Drop RRR: no
     - Bump Standards-Version
     - Drop Priority: optional


-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
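
Added illustration, not part of the bug report and not libcaca's code or the Debian patch: the changelog entry above mentions undefined behaviour in an overflow check, and this C sketch contrasts a check made after a signed multiplication with one made before it. The function names, the 8-byte header layout and the 8-byte cell size are assumptions constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Fragile pattern (contrast only): the signed multiplication is already
 * undefined behaviour when it overflows, so the compiler may drop the test
 * that follows. Never feed this untrusted dimensions. */
int size_check_after(int width, int height, int *cells)
{
    int n = width * height;
    if (width != 0 && n / width != height)
        return -1;
    *cells = n;
    return 0;
}

/* Well-defined pattern: reject before multiplying, so no intermediate
 * value can overflow. elem_size is the per-cell byte count. */
int size_check_before(int width, int height, size_t elem_size, size_t *bytes)
{
    if (width < 0 || height < 0 || elem_size == 0)
        return -1;
    if (width == 0 || height == 0) {
        *bytes = 0;
        return 0;
    }
    if (width > INT_MAX / height)           /* cell count must fit in int */
        return -1;
    size_t cells = (size_t)width * (size_t)height;
    if (cells > SIZE_MAX / elem_size)       /* byte count must fit in size_t */
        return -1;
    *bytes = cells * elem_size;
    return 0;
}

/* Hypothetical importer step: width and height as big-endian 32-bit
 * fields of an untrusted header (layout constructed for this example). */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

int import_alloc_size(const unsigned char hdr[8], size_t *bytes)
{
    uint32_t w = be32(hdr), h = be32(hdr + 4);
    if (w > (uint32_t)INT_MAX || h > (uint32_t)INT_MAX)
        return -1;                          /* would not fit the int API */
    return size_check_before((int)w, (int)h, 8, bytes); /* 8: assumed cell size */
}
```

A caller allocates only when the function returns 0, and uses the same validated width and height for every later index computation.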
