[Debian-med-packaging] Bug#1099727: Please package OpenSlide 4.0.1
Benjamin Gilbert
bgilbert at cs.cmu.edu
Mon Jun 8 05:43:48 BST 2026
OpenSlide 4.0.1 has been released. OpenSlide 3.4.1 is now over eleven
years old.
Notable changes since 4.0.0 that are relevant to packaging:
- Added library dependency on Zstandard
- Increased minimum libdicom version to 1.3
- Dropped dependency on GDK-PixBuf
- Fixed arbitrary memory write with crafted Ventana BIF file (CVE-2026-48977)
- Fixed return of uninitialized pixels with libtiff 4.7.1
(GHSA-f734-jv98-5677, CVE requested)
Both vulnerabilities also affect OpenSlide 3.4.1.
More information about the Debian-med-packaging
mailing list