Version in base suite: 3.5.2+dfsg-1

Base version: cimg_3.5.2+dfsg-1
Target version: cimg_3.5.2+dfsg-1+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/cimg/cimg_3.5.2+dfsg-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/c/cimg/cimg_3.5.2+dfsg-1+deb13u1.dsc

 changelog                        |    9 +++++++++
 patches/fix-cve-2026-42144.patch |   16 ++++++++++++++++
 patches/fix-cve-2026-42146.patch |   19 +++++++++++++++++++
 patches/series                   |    2 ++
 4 files changed, 46 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp8sb2xqwe/cimg_3.5.2+dfsg-1.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp8sb2xqwe/cimg_3.5.2+dfsg-1+deb13u1.dsc: no acceptable signature found
diff -Nru cimg-3.5.2+dfsg/debian/changelog cimg-3.5.2+dfsg/debian/changelog
--- cimg-3.5.2+dfsg/debian/changelog	2025-02-21 10:46:14.000000000 +0000
+++ cimg-3.5.2+dfsg/debian/changelog	2026-05-08 11:47:35.000000000 +0000
@@ -1,3 +1,12 @@
+cimg (3.5.2+dfsg-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-42144: Integer overflow in PNM size check
+  * CVE-2026-42146: OOM on crafted BMP
+  * (Closes: #1135778)
+
+ -- Adrian Bunk <bunk@debian.org>  Fri, 08 May 2026 14:47:35 +0300
+
 cimg (3.5.2+dfsg-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch
--- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch	1970-01-01 00:00:00.000000000 +0000
+++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch	2026-05-08 11:47:35.000000000 +0000
@@ -0,0 +1,16 @@
+From: David Tschumperlé <david.tschumperle@unicaen.fr>
+Subject: Fix CVE-2026-42144
+Origin: upstream, https://github.com/GreycLab/CImg/commit/4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d
+Bug-Debian: https://bugs.debian.org/1135778
+
+--- a/CImg.h
++++ b/CImg.h
+@@ -56352,7 +56352,7 @@
+ 
+       if (filename) { // Check that dimensions specified in file does not exceed the buffer dimension
+         const cimg_int64 siz = cimg::fsize(filename);
+-        if (W*H*D>siz)
++        if ((cimg_int64)W*H*D>siz)
+           throw CImgIOException(_cimg_instance
+                                 "load_pnm(): Specified image dimensions in file '%s' exceed file size.",
+                                 cimg_instance,
diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch
--- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch	1970-01-01 00:00:00.000000000 +0000
+++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch	2026-05-08 11:47:35.000000000 +0000
@@ -0,0 +1,19 @@
+From: David Tschumperlé <david.tschumperle@unicaen.fr>
+Subject: Fix CVE-2026-42146
+Origin: upstream, https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3
+Bug-Debian: https://bugs.debian.org/1135778
+
+--- a/CImg.h
++++ b/CImg.h
+@@ -55744,7 +55744,10 @@
+                               (long)fsiz,filename?filename:"(FILE*)",dx,dy);
+ 
+       CImg<intT> colormap;
+-      if (bpp<16) { if (!nb_colors) nb_colors = 1<<bpp; } else nb_colors = 0;
++      if (bpp<16) {
++        const int max_colors = 1<<bpp;
++        if (nb_colors<=0 || nb_colors>max_colors) nb_colors = max_colors;
++      } else nb_colors = 0;
+       if (nb_colors) { colormap.assign(nb_colors); cimg::fread(colormap._data,nb_colors,nfile); }
+ 
+       const int xoffset = offset - 14 - header_size - 4*nb_colors;
diff -Nru cimg-3.5.2+dfsg/debian/patches/series cimg-3.5.2+dfsg/debian/patches/series
--- cimg-3.5.2+dfsg/debian/patches/series	2025-02-21 10:46:14.000000000 +0000
+++ cimg-3.5.2+dfsg/debian/patches/series	2026-05-08 11:47:35.000000000 +0000
@@ -3,3 +3,5 @@
 # baseline.patch
 privacy.patch
 Imath.patch
+fix-cve-2026-42144.patch
+fix-cve-2026-42146.patch