Version in base suite: 2.5.0-2+deb12u2 Base version: openjpeg2_2.5.0-2+deb12u2 Target version: openjpeg2_2.5.0-2+deb12u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openjpeg2/openjpeg2_2.5.0-2+deb12u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openjpeg2/openjpeg2_2.5.0-2+deb12u3.dsc changelog | 6 ++++++ patches/CVE-2026-6192.patch | 24 ++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 31 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmps6ohmyrf/openjpeg2_2.5.0-2+deb12u2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmps6ohmyrf/openjpeg2_2.5.0-2+deb12u3.dsc: no acceptable signature found
diff -Nru openjpeg2-2.5.0/debian/changelog openjpeg2-2.5.0/debian/changelog
--- openjpeg2-2.5.0/debian/changelog 2025-08-10 00:05:29.000000000 +0000
+++ openjpeg2-2.5.0/debian/changelog 2026-05-12 13:15:10.000000000 +0000
@@ -1,3 +1,9 @@
+openjpeg2 (2.5.0-2+deb12u3) bookworm-security; urgency=medium
+
+ * CVE-2026-6192 (Closes: #1133832)
+
+ -- Moritz Mühlenhoff Tue, 12 May 2026 15:15:10 +0200
+
 openjpeg2 (2.5.0-2+deb12u2) bookworm; urgency=medium
 
 * Non-maintainer upload.
diff -Nru openjpeg2-2.5.0/debian/patches/CVE-2026-6192.patch openjpeg2-2.5.0/debian/patches/CVE-2026-6192.patch
--- openjpeg2-2.5.0/debian/patches/CVE-2026-6192.patch 1970-01-01 00:00:00.000000000 +0000
+++ openjpeg2-2.5.0/debian/patches/CVE-2026-6192.patch 2026-05-12 13:15:06.000000000 +0000
@@ -0,0 +1,24 @@
+From 839936aa33eb8899bbbd80fda02796bb65068951 Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Sun, 5 Apr 2026 13:25:27 +0200
+Subject: [PATCH] opj_pi_initialise_encode() (write code path): avoid potential
+ integer overflow leading to insufficient memory allocation
+
+--- openjpeg2-2.5.0.orig/src/lib/openjp2/pi.c
++++ openjpeg2-2.5.0/src/lib/openjp2/pi.c
+@@ -1699,9 +1699,12 @@ opj_pi_iterator_t *opj_pi_initialise_enc
+ l_current_pi = l_pi;
+
+ /* memory allocation for include*/
+- l_current_pi->include_size = l_tcp->numlayers * l_step_l;
+- l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
+- sizeof(OPJ_INT16));
++ l_current_pi->include = NULL;
++ if (l_step_l <= UINT_MAX / l_tcp->numlayers) {
++ l_current_pi->include_size = l_tcp->numlayers * l_step_l;
++ l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
++ sizeof(OPJ_INT16));
++ }
+ if (!l_current_pi->include) {
+ opj_free(l_tmp_data);
+ opj_free(l_tmp_ptr);
diff -Nru openjpeg2-2.5.0/debian/patches/series openjpeg2-2.5.0/debian/patches/series
--- openjpeg2-2.5.0/debian/patches/series 2025-08-10 00:05:29.000000000 +0000
+++ openjpeg2-2.5.0/debian/patches/series 2026-05-12 13:14:46.000000000 +0000
@@ -5,3 +5,4 @@
 CVE-2024-56826.patch
 CVE-2024-56827.patch
 0001-opj_dwt_decode_tile-avoid-potential-UndefinedBehavio.patch
+CVE-2026-6192.patch
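Review bot: The new guard `if (l_step_l <= UINT_MAX / l_tcp->numlayers)` divides by `l_tcp->numlayers`, which is undefined behaviour if the layer count is zero, and the hunk shows nothing that rules that out on the encode path. The decode-side counterpart in the same pi.c appears to divide by `numlayers + 1U` for exactly this reason, relying on a range check documented there; unless the encoder setup rejects a zero layer count before reaching opj_pi_initialise_encode (not visible here), the defensive form is `if (l_tcp->numlayers != 0 && l_step_l <= UINT_MAX / l_tcp->numlayers) {`, which leaves `include` NULL and takes the existing failure path below. A one-line comment above the check, e.g. `/* prevent integer overflow in include_size (CVE-2026-6192) */`, would tell the next reader why the multiplication is now conditional. opj_pi_initialise_encode's body starts and ends outside the hunk.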