[Debian-med-packaging] Bug#1140003: openslide: CVE-2026-48977
Étienne Mollier
emollier at debian.org
Sun Jun 21 09:13:43 BST 2026
Hi Salvatore,
Salvatore Bonaccorso, on 2026-06-20:
> Sorry for the late followup, there was/is some backlog and openslide
> was not on topmost on the radar. I still think openslide would be good
> candidate for the point releases (which are approaching, rather than a
> dedicated security update).
No worries, when I saw the multiple security announcements, I've
suspected you might be a bit drowned, so I probably should not
have insisted to double check the situation. I'm still
intending to coordinate with stable release managers and will
likely proceed later today. No hard feelings. ;)
In the meantime, I've focused on integrating openslide 4.0.1,
currently in experimental as it is going to require a
transition. Up to version 4.0.0, openslide is affected by
CVE-2026-54604 [1]; see also #1099727. Thankfully, if I trust
the advisory on Github [2], Debian stable releases are not
affected, because they ship with libtiff 4.7.0 or earlier, which
do not trigger the vulnerability openslide.
[1]: https://security-tracker.debian.org/tracker/CVE-2026-54604
[2]: https://github.com/openslide/openslide/security/advisories/GHSA-f734-jv98-5677
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/2, please excuse my verbosity
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260621/65db4f6e/attachment.sig>
More information about the Debian-med-packaging
mailing list