Bug#1109262: CVE-2025-7345: gdk-pixbuf: heap buffer overflow in JPEGs with chunked ICC data

Simon McVittie smcv at debian.org
Tue Aug 5 00:32:31 BST 2025


On Mon, 04 Aug 2025 at 21:45:56 +0200, Cyril Brulebois wrote:
>Salvatore Bonaccorso <carnil at debian.org> (2025-07-27):
>> At this point in time, if you do not feel comfortable to have it
>> unblocked for trixie, then let's rather wait for the first point
>> release
>
>I was surprised to see this package show up in the udeb diff between RC
>2 and RC 3 but an unblock happened on 2025-07-30…

Yeah, that surprised me too... I didn't ask for the unblock, but 
apparently the release team were sufficiently happy with it to unblock 
it unprompted.

It shouldn't matter for d-i in any case, because the only change was the 
CVE fix in the JPEG loader, but the gdk-pixbuf udeb only has the PNG 
loader (as far as we know that's the only format d-i wants).

     smcv


