Version in base suite: 2.4.4+dfsg-1+deb13u1

Base version: fluidsynth_2.4.4+dfsg-1+deb13u1
Target version: fluidsynth_2.4.4+dfsg-1+deb13u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/fluidsynth/fluidsynth_2.4.4+dfsg-1+deb13u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/f/fluidsynth/fluidsynth_2.4.4+dfsg-1+deb13u2.dsc

 changelog                    |    6 ++++++
 patches/CVE-2025-56225.patch |   16 ++++++++++++++++
 patches/series               |    1 +
 3 files changed, 23 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmprwskfnrv/fluidsynth_2.4.4+dfsg-1+deb13u1.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmprwskfnrv/fluidsynth_2.4.4+dfsg-1+deb13u2.dsc: no acceptable signature found
diff -Nru fluidsynth-2.4.4+dfsg/debian/changelog fluidsynth-2.4.4+dfsg/debian/changelog
--- fluidsynth-2.4.4+dfsg/debian/changelog	2025-09-02 13:12:09.000000000 +0000
+++ fluidsynth-2.4.4+dfsg/debian/changelog	2026-03-04 19:50:29.000000000 +0000
@@ -1,3 +1,9 @@
+fluidsynth (2.4.4+dfsg-1+deb13u2) trixie; urgency=medium
+
+  * CVE-2025-56225
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 04 Mar 2026 20:50:29 +0100
+
 fluidsynth (2.4.4+dfsg-1+deb13u1) trixie; urgency=medium
 
   * Set the default samplerate to 48000 and buffer size to 512 in the
diff -Nru fluidsynth-2.4.4+dfsg/debian/patches/CVE-2025-56225.patch fluidsynth-2.4.4+dfsg/debian/patches/CVE-2025-56225.patch
--- fluidsynth-2.4.4+dfsg/debian/patches/CVE-2025-56225.patch	1970-01-01 00:00:00.000000000 +0000
+++ fluidsynth-2.4.4+dfsg/debian/patches/CVE-2025-56225.patch	2026-03-04 19:50:27.000000000 +0000
@@ -0,0 +1,16 @@
+From 45f2a79f4265dcc4f98cfbafdb10727fb1c0d411 Mon Sep 17 00:00:00 2001
+From: "Tom M." <tom.mbrt@googlemail.com>
+Date: Mon, 14 Jul 2025 18:13:38 +0200
+Subject: [PATCH] Fix a nullpointer dereference during legato mode (#1607)
+
+--- fluidsynth-2.4.4+dfsg.orig/src/synth/fluid_synth_monopoly.c
++++ fluidsynth-2.4.4+dfsg/src/synth/fluid_synth_monopoly.c
+@@ -410,7 +410,7 @@ int fluid_synth_noteoff_mono_LOCAL(fluid
+                 fluid_channel_breath_msb(channel))
+         {
+             /* legato playing detection */
+-            if(channel->mode  & FLUID_CHANNEL_LEGATO_PLAYING)
++            if (channel->mode & FLUID_CHANNEL_LEGATO_PLAYING && channel->preset != NULL)
+             {
+                 /* the list contains others notes */
+                 if(i_prev >= 0)
diff -Nru fluidsynth-2.4.4+dfsg/debian/patches/series fluidsynth-2.4.4+dfsg/debian/patches/series
--- fluidsynth-2.4.4+dfsg/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ fluidsynth-2.4.4+dfsg/debian/patches/series	2026-03-04 19:50:16.000000000 +0000
@@ -0,0 +1 @@
+CVE-2025-56225.patch