Bug#1133010: prepare trixie pu for CVE-2026-35444 and related parser fixes
Simon McVittie
smcv at debian.org
Tue Apr 21 10:45:37 BST 2026
On Tue, 21 Apr 2026 at 00:33:48 -0300, Aquila Macedo wrote:
>I initially prepared a minimal trixie update for CVE-2026-35444 and
>sent it to the Security Team for review.
I still feel like I'm missing some context for why this particular CVE
and this particular package are of interest to you: I don't remember you
expressing any interest in SDL or SDL_image in the past, and this is a
low-severity CVE that I was surprised to see being prioritized.
Are you developing or maintaining a game that loads untrusted GIMP XCF
files using libsdl2-image, or are you doing this on behalf of some group
that incentivizes number of CVEs removed regardless of their importance,
or what?
Thanks,
smcv
More information about the Pkg-sdl-maintainers
mailing list