Bug#1109262: CVE-2025-7345: gdk-pixbuf: heap buffer overflow in JPEGs with chunked ICC data

Cyril Brulebois kibi at debian.org
Mon Aug 4 20:45:56 BST 2025


Salvatore Bonaccorso <carnil at debian.org> (2025-07-27):
> At this point in time, if you do not feel comfortable to have it
> unblocked for trixie, then let's rather wait for the first point
> release. For instance for bookworm we did mark it as no-dsa/postponed
> so that the fix is exposed first in any case in the upper suites (and
> if regressions are uncovered). The one reported seems to have matured
> to a false-positive.
> 
> But if you are confident at this point with the 14 days of exposure in
> unstable with no additional regression reports (and maybe compare with
> Ubuntu's update), an unblock now for trixie would at least ensure we
> start with a "clean" page for gdk-pixbuf for trixie's release.

I was surprised to see this package show up in the udeb diff between RC
2 and RC 3 but an unblock happened on 2025-07-30…


Cheers,
-- 
Cyril Brulebois (kibi at debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant