[Debian-med-packaging] Bug#1140003: openslide: CVE-2026-48977
Étienne Mollier
emollier at debian.org
Sun Jun 21 15:03:13 BST 2026
Hi there,
Salvatore Bonaccorso, on 2026-06-21:
> On Sun, Jun 21, 2026 at 10:13:43AM +0200, Étienne Mollier wrote:
> > No worries, when I saw the multiple security announcements, I've
> > suspected you might be a bit drowned, so I probably should not
> > have insisted to double check the situation. I'm still
> > intending to coordinate with stable release managers and will
> > likely proceed later today. No hard feelings. ;)
>
> No worries at all, it is manageable, I just think still openslide is
> better candidate to be batched with other updates in the upcoming
> point release. It is good if you ask to double check if there are
> uncertainities (better safe!).
Sounds good! I started the coordination work for upload to
proposed-upgrades. It is tracked in #1140493 and #1140494.
> > In the meantime, I've focused on integrating openslide 4.0.1,
> > currently in experimental as it is going to require a
> > transition. Up to version 4.0.0, openslide is affected by
> > CVE-2026-54604 [1]; see also #1099727. Thankfully, if I trust
> > the advisory on Github [2], Debian stable releases are not
> > affected, because they ship with libtiff 4.7.0 or earlier, which
> > do not trigger the vulnerability openslide.
>
> Ack we will look on how to update the tracker.
Thanks for the update!
> Thanks for all your work!
You're welcome, I return the compliment for tracking the
security of the system!
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/3, please excuse my verbosity
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260621/0ac9225c/attachment-0001.sig>
More information about the Debian-med-packaging
mailing list