localsearch_3.8.2-12_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Feb 5 21:36:01 GMT 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Feb 2026 16:06:08 -0500
Source: localsearch
Built-For-Profiles: noudeb
Architecture: source
Version: 3.8.2-12
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Closes: 1126910
Changes:
localsearch (3.8.2-12) unstable; urgency=high
.
[ Marc Deslauriers ]
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1764.patch: check for valid offsets
extracting MP3 performer tags in
src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1764
* SECURITY UPDATE: NULL Pointer Dereference
- debian/patches/bug426.patch: bail out on 0-size frame for ID3v2.0
tags in src/tracker-extract/tracker-extract-mp3.c.
- No CVE number
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1765.patch: check for buffer boundaries
extracting MP3 TXXX tags in
src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1765
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1766-pre1.patch: minor code refactor in
src/tracker-extract/tracker-extract-mp3.c.
- debian/patches/CVE-2026-1766.patch: refactor/fix handling of COMM
tags in src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1766
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2026-1767.patch: fix accounting of offsets within
MP3 performer tags in src/tracker-extract/tracker-extract-mp3.c.
- CVE-2026-1767
- Closes: #1126910
Checksums-Sha1:
2d46ac9bcbdd188e4f8d811e68d2c1b70baca98e 3264 localsearch_3.8.2-12.dsc
9a679a354eb03379c7469bffddd8f27a9f5d1650 19612 localsearch_3.8.2-12.debian.tar.xz
3b45e086f5db68f0a4d634cb4e5f0f999e414bdc 15267 localsearch_3.8.2-12_source.buildinfo
Checksums-Sha256:
9ba20f69679b7e8179b3aadfc276956b2569f485e6a93c92b3986411cc34d54b 3264 localsearch_3.8.2-12.dsc
6a6777c0e95e3b974d667bdab5a303758a2cdf5722644f1846ea4a4e0359a05d 19612 localsearch_3.8.2-12.debian.tar.xz
53aa976156f6a32a4274a16173a4039659d1c20b52c43eb5b21f2f02ce2e856a 15267 localsearch_3.8.2-12_source.buildinfo
Files:
2e0ee1c25a47354c159b90c0126dfefe 3264 utils optional localsearch_3.8.2-12.dsc
a994fdb0b385303a375e5de8f352fbc4 19612 utils optional localsearch_3.8.2-12.debian.tar.xz
fe61b336a7a7d5715cebde443d7a3ee3 15267 utils optional localsearch_3.8.2-12_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmmFB7EACgkQ5mx3Wuv+
bH1ZXg//XPBOqYt7wGvhilOtVe9m0wda/t4PLpyCqXMGJaDfj+5KmswlhUQgOh21
I9FLbJ9Iz/ouFXBmlZf9NDJMbENtwBNBlWU7BpQNQ5yjXSZCfoNTVFgooymq+ZyR
WMf9AA7J2kJyGRjjqYSglgL9b1U7vv907iX4YY1m5fkkJds3e9qWdw9z90jVEVDL
IKYbv1cFwXAs/h+h6iKw+IJ7Y5xQU6y5b4tf+1MbTNGK8TasBXxMppYF21HgAfDi
9cemwz0YdvGVflY0vz9AOH5A4B4/EGf0cUVAJkiXDLSBqgSO1VPEKrzj1Sa9xFAb
X/Gs/nNUsATovhlW3LtWiVCaqsziBbqPLG8q62irNZHx6Y68wFXKix7oiQOwPawK
XSsUoNFtLA1n5oT7AZLO5zuvnukUN3ka8h9M0d2uSz5pm5tjrKaWeje+l5QFG9hG
DASk2yRVxlZWU4JFWQlgoZO6gXLAiXMpSfYe64X1WhRiVdtZgvVDIqMQvnX2WIXs
LjES41Q2vrHvBVLH0I62JdfEDsa2HU29i+EpePtPCTmC2hfusfXMmmj7RFbK6Xl/
bDTs7g3copJeWL9rhlVDLRDIMkundX7wE0etXmSCj1IXnTMEubO51QBGGiHyHDKc
R9G6NJs+0bd1FxdfoQRhMWCnDda82rWbS5ohdXccM1nA8Z3oV38=
=+elt
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20260205/fff1a877/attachment-0001.sig>
More information about the pkg-gnome-maintainers
mailing list