From nobody Sat Mar 21 08:35:07 2026
Received: (at 1128068-close) by bugs.debian.org; 21 Mar 2026 08:33:39 +0000
Return-path: <envelope@ftp-master.debian.org>
Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]:36382)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>)
 id 1w3rm7-006vqu-25 for 1128068-close@bugs.debian.org;
 Sat, 21 Mar 2026 08:33:39 +0000
Received: via submission
 from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA,
 CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified)
 by mailly.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>)
 id 1w3rm4-009Psy-1a for 1128068-close@bugs.debian.org;
 Sat, 21 Mar 2026 08:33:36 +0000
Received: from dak by fasolo.debian.org with local (Exim 4.98.2)
 (envelope-from <envelope@ftp-master.debian.org>)
 id 1w3rm3-00000002EZy-2XGK; Sat, 21 Mar 2026 08:33:35 +0000
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Reply-To: Adrian Bunk <bunk@debian.org>
To: 1128068-close@bugs.debian.org
X-DAK: dak process-upload
X-Debian: DAK
X-Debian-Package: jpeg-xl
Debian: DAK
Debian-Changes: jpeg-xl_0.11.2-0.1_source.changes
Debian-Source: jpeg-xl
Debian-Version: 0.11.2-0.1
Debian-Architecture: source
Debian-Suite: unstable
Debian-Archive-Action: accept
MIME-Version: 1.0
Subject: Bug#1128068: fixed in jpeg-xl 0.11.2-0.1
Content-Type: multipart/signed; micalg="pgp-sha256";
 protocol="application/pgp-signature";
 boundary="===============0814399925400485866=="
Message-Id: <E1w3rm3-00000002EZy-2XGK@fasolo.debian.org>
Date: Sat, 21 Mar 2026 08:33:35 +0000

--===============0814399925400485866==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Source: jpeg-xl
Source-Version: 0.11.2-0.1
Done: Adrian Bunk <bunk@debian.org>

We believe that the bug you reported is fixed in the latest version of
jpeg-xl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1128068@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <bunk@debian.org> (supplier of updated jpeg-xl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 13:38:01 +0200
Source: jpeg-xl
Architecture: source
Version: 0.11.2-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1114914 1123400 1128067 1128068
Changes:
 jpeg-xl (0.11.2-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-12474: Decoder read from uninitialized (but allocated)
       memory (Closes: #1128068)
     - CVE-2026-1837: Decoder write to uninitialized unallocated memory
       (Closes: #1128067)
   * Disable a failing test. (Closes: #1123400)
   * Increase the test timeout. (Closes: #1114914)
   * Backport a loong64 FTBFS fix.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--===============0814399925400485866==
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--===============0814399925400485866==--