Your message dated Fri, 14 Nov 2025 17:49:13 +0000
with message-id <[email protected]>
and subject line Bug#1104247: fixed in libmatio 1.5.29-1
has caused the Debian Bug report #1104247,
regarding libmatio: CVE-2025-2338
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1104247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104247
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmatio
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libmatio.

CVE-2025-2337[0]:
| A vulnerability, which was classified as critical, has been found in
| tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of
| the file src/mat.c. The manipulation leads to heap-based buffer
| overflow. The attack may be initiated remotely. The exploit has been
| disclosed to the public and may be used.

https://github.com/tbeu/matio/issues/267


CVE-2025-2338[1]:
| A vulnerability, which was classified as critical, was found in tbeu
| matio 1.5.28. Affected is the function strdup_vprintf of the file
| src/io.c. The manipulation leads to heap-based buffer overflow. It
| is possible to launch the attack remotely. The exploit has been
| disclosed to the public and may be used.

https://github.com/tbeu/matio/issues/269


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2337
    https://www.cve.org/CVERecord?id=CVE-2025-2337
[1] https://security-tracker.debian.org/tracker/CVE-2025-2338
    https://www.cve.org/CVERecord?id=CVE-2025-2338

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libmatio
Source-Version: 1.5.29-1
Done: Sébastien Villemot <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libmatio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sébastien Villemot <[email protected]> (supplier of updated libmatio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Nov 2025 18:19:06 +0100
Source: libmatio
Architecture: source
Version: 1.5.29-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Sébastien Villemot <[email protected]>
Closes: 1104247
Changes:
 libmatio (1.5.29-1) unstable; urgency=medium
 .
   * New upstream version 1.5.29
     - fixes CVE-2025-2338 (Closes: #1104247)
   * d/copyright: reflect upstream changes
   * array-index-out-of-bounds-with-bad-utf-8.patch: drop patch, applied upstream
   * Drop versioned Build-Depends on debhelper.
     No longer needed, the constraint is satisfied in oldoldstable.
   * d/control: use proper team name in Maintainer field
   * d/watch: upgrade to file format version 5
   * Drop “Rules-Requires-Root: no”, which is now the default

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
