Version in base suite: 5.1.5+dfsg-2 Base version: krita_5.1.5+dfsg-2 Target version: krita_5.1.5+dfsg-2+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/k/krita/krita_5.1.5+dfsg-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/k/krita/krita_5.1.5+dfsg-2+deb12u1.dsc changelog | 6 ++++++ patches/CVE-2025-59820.patch | 28 ++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 35 insertions(+) gpgv: Signature made Fri Feb 3 19:51:07 2023 UTC gpgv: using RSA key 5F2A9FB82FA6C1E1077007072D191C8843B13F4D gpgv: Note: signatures using the SHA1 algorithm are rejected gpgv: Can't check signature: Bad public key dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp1xf5vetx/krita_5.1.5+dfsg-2.dsc: no acceptable signature found gpgv: Signature made Wed Nov 26 08:11:14 2025 UTC gpgv: using RSA key B6E62F3D12AC38495C0DA90510C293B6C37C4E36 gpgv: Note: signatures using the SHA1 algorithm are rejected gpgv: Can't check signature: Bad public key dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp1xf5vetx/krita_5.1.5+dfsg-2+deb12u1.dsc: no acceptable signature found
diff -Nru krita-5.1.5+dfsg/debian/changelog krita-5.1.5+dfsg/debian/changelog
--- krita-5.1.5+dfsg/debian/changelog 2023-02-03 19:49:27.000000000 +0000
+++ krita-5.1.5+dfsg/debian/changelog 2025-11-25 09:41:04.000000000 +0000
@@ -1,3 +1,9 @@
+krita (1:5.1.5+dfsg-2+deb12u1) bookworm-security; urgency=medium
+
+ * CVE-2025-59820
+
+ -- Moritz Mühlenhoff Tue, 25 Nov 2025 20:40:39 +0100
+
 krita (1:5.1.5+dfsg-2) unstable; urgency=medium * Extend the libjxl-dev build dependency to all the Linux architectures,
diff -Nru krita-5.1.5+dfsg/debian/patches/CVE-2025-59820.patch krita-5.1.5+dfsg/debian/patches/CVE-2025-59820.patch
--- krita-5.1.5+dfsg/debian/patches/CVE-2025-59820.patch 1970-01-01 00:00:00.000000000 +0000
+++ krita-5.1.5+dfsg/debian/patches/CVE-2025-59820.patch 2025-11-25 09:05:26.000000000 +0000
@@ -0,0 +1,28 @@
+From 6d3651ac4df88efb68e013d21061de9846e83fe8 Mon Sep 17 00:00:00 2001
+From: Dmitry Kazakov
+Date: Mon, 8 Sep 2025 15:35:51 +0200
+Subject: [PATCH] Fix a crash in KisTgaImport
+
+---
+ plugins/impex/tga/kis_tga_import.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/plugins/impex/tga/kis_tga_import.cpp b/plugins/impex/tga/kis_tga_import.cpp
+index 8bb838a8470..b3e1058c859 100644
+--- a/plugins/impex/tga/kis_tga_import.cpp
++++ b/plugins/impex/tga/kis_tga_import.cpp
+@@ -153,6 +153,11 @@ static bool loadTGA(QDataStream & s, const TgaHeader & tga, QImage &img)
+ uint count = (c & 0x7f) + 1;
+ num -= count * pixel_size;
+
++ if (num < 0) {
++ dbgFile << "This TGA file is broken: the number of pixels left to read and the number of RLE pixels do not agree" << ppVar(num) << ppVar(count) << ppVar(pixel_size);
++ return false;
++ }
++
+ if (c & 0x80) {
+ // RLE pixels.
+ Q_ASSERT(pixel_size <= 8);
+--
+GitLab
+
diff -Nru krita-5.1.5+dfsg/debian/patches/series krita-5.1.5+dfsg/debian/patches/series
--- krita-5.1.5+dfsg/debian/patches/series 2022-08-22 03:34:15.000000000 +0000
+++ krita-5.1.5+dfsg/debian/patches/series 2025-11-25 09:40:25.000000000 +0000
@@ -1 +1,2 @@
 xsimd-require-xtl.diff
+CVE-2025-59820.patch
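Review bot: The new `if (num < 0)` guard in the embedded kis_tga_import.cpp patch only fires if `num` is a signed type, and it runs after `num -= count * pixel_size` has already been computed in unsigned arithmetic. The declaration of `num` is outside this hunk, so its signedness cannot be confirmed here, and if it were unsigned the check would be dead code. Testing the packet size before subtracting removes that dependency: `const qint64 bytes = qint64(count) * pixel_size;` then `if (bytes > num) { /* log as now */ return false; }` then `num -= bytes;`. Separately, the `Q_ASSERT(pixel_size <= 8)` on the context line below is compiled out in release builds, so if it is meant to bound a fixed-size pixel buffer (not visible here), that limit should be a runtime check that returns false for a malformed file. The body of loadTGA starts and ends outside the hunk, so both points should be confirmed against the full function.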