Version in base suite: 2.14-2 Base version: lcms2_2.14-2 Target version: lcms2_2.14-2+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/l/lcms2/lcms2_2.14-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/l/lcms2/lcms2_2.14-2+deb12u1.dsc changelog | 6 +++++ patches/CVE-2026-41254.patch | 47 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 54 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpz0e1sp03/lcms2_2.14-2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpz0e1sp03/lcms2_2.14-2+deb12u1.dsc: no acceptable signature found
diff -Nru lcms2-2.14/debian/changelog lcms2-2.14/debian/changelog
--- lcms2-2.14/debian/changelog 2023-02-19 21:32:28.000000000 +0000
+++ lcms2-2.14/debian/changelog 2026-04-30 18:16:10.000000000 +0000
@@ -1,3 +1,9 @@
+lcms2 (2.14-2+deb12u1) bookworm-security; urgency=medium
+
+ * CVE-2026-41254 (Closes: #1134335)
+
+ -- Moritz Mühlenhoff Thu, 30 Apr 2026 20:16:10 +0200
+
 lcms2 (2.14-2) unstable; urgency=medium

 * New patch: allow-to-read-portions-of-tag.diff.
diff -Nru lcms2-2.14/debian/patches/CVE-2026-41254.patch lcms2-2.14/debian/patches/CVE-2026-41254.patch
--- lcms2-2.14/debian/patches/CVE-2026-41254.patch 1970-01-01 00:00:00.000000000 +0000
+++ lcms2-2.14/debian/patches/CVE-2026-41254.patch 2026-04-30 18:16:06.000000000 +0000
@@ -0,0 +1,47 @@
+From 5b083856e928bd73a655c1d6c1255c49d973ceca Mon Sep 17 00:00:00 2001
+From: Marti Maria
+Date: Mon, 17 Apr 2023 15:23:53 +0200
+Subject: [PATCH] prevent to allocate a big chunk of memory on corrupted LUT
+
+From da6110b1d14abc394633a388209abd5ebedd7ab0 Mon Sep 17 00:00:00 2001
+From: Marti Maria
+Date: Thu, 19 Feb 2026 09:07:20 +0100
+Subject: [PATCH] Fix integer overflow in CubeSize()
+
+From e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc Mon Sep 17 00:00:00 2001
+From: Marti Maria
+Date: Thu, 12 Mar 2026 22:57:35 +0100
+Subject: [PATCH] check for overflow
+
+--- lcms2-2.14.orig/src/cmslut.c
++++ lcms2-2.14/src/cmslut.c
+@@ -460,21 +460,25 @@ void EvaluateCLUTfloatIn16(const cmsFloa
+ static
+ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
+ {
+- cmsUInt32Number rv, dim;
++ cmsUInt32Number dim;
++ cmsUInt64Number rv;
+
+ _cmsAssert(Dims != NULL);
+
+ for (rv = 1; b > 0; b--) {
+
+ dim = Dims[b-1];
+- if (dim <= 1) return 0; // Error
+-
+- rv *= dim;
++ if (dim <= 1) return 0;
+
+ // Check for overflow
+ if (rv > UINT_MAX / dim) return 0;
++
++ rv *= dim;
+ }
+
++ // Again, prevent overflow
++ if (rv > UINT_MAX / 15) return 0;
++
+ return rv;
+ }
+
diff -Nru lcms2-2.14/debian/patches/series lcms2-2.14/debian/patches/series
--- lcms2-2.14/debian/patches/series 2023-02-19 21:32:28.000000000 +0000
+++ lcms2-2.14/debian/patches/series 2026-04-30 18:15:41.000000000 +0000
@@ -3,3 +3,4 @@
 fix-memory-corruption-when-unregistering-plugins.diff
 manpages-cleanup.patch
 allow-to-read-portions-of-tag.diff
+CVE-2026-41254.patch
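Review bot: The final guard added to CubeSize() in CVE-2026-41254.patch, `if (rv > UINT_MAX / 15) return 0;`, uses an unexplained constant, so a reader cannot tell which later multiplication it is meant to leave headroom for. The callers are outside this hunk; presumably they multiply the returned node count by a channel count, and the margin only holds if that factor never exceeds 15. I would state the assumption next to the check, e.g. `// headroom for the caller's per-node multiplier (assumed <= 15; confirm against callers)`, or derive the divisor from the named limit it stands for. The `return rv;` also narrows cmsUInt64Number to cmsUInt32Number implicitly; the bound above makes that safe, and `return (cmsUInt32Number) rv;` would make it explicit.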