Version in base suite: 10.2.0-1 Base version: harfbuzz_10.2.0-1 Target version: harfbuzz_10.2.0-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/h/harfbuzz/harfbuzz_10.2.0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/h/harfbuzz/harfbuzz_10.2.0-1+deb13u1.dsc changelog | 8 +++++++ patches/0001-cmap-malloc-fail-test-5710.patch | 28 ++++++++++++++++++++++++++ patches/series | 1 3 files changed, 37 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpmkgz7a4w/harfbuzz_10.2.0-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpmkgz7a4w/harfbuzz_10.2.0-1+deb13u1.dsc: no acceptable signature found
diff -Nru harfbuzz-10.2.0/debian/changelog harfbuzz-10.2.0/debian/changelog
--- harfbuzz-10.2.0/debian/changelog 2025-01-14 21:20:38.000000000 +0000
+++ harfbuzz-10.2.0/debian/changelog 2026-05-07 08:40:29.000000000 +0000
@@ -1,3 +1,11 @@
+harfbuzz (10.2.0-1+deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2026-22693: Null Pointer Dereference in SubtableUnicodesCache::create
+ (Closes: #1125189)
+
+ -- Adrian Bunk Thu, 07 May 2026 11:40:29 +0300
+
 harfbuzz (10.2.0-1) unstable; urgency=medium

 * New upstream version 10.2.0
diff -Nru harfbuzz-10.2.0/debian/patches/0001-cmap-malloc-fail-test-5710.patch harfbuzz-10.2.0/debian/patches/0001-cmap-malloc-fail-test-5710.patch
--- harfbuzz-10.2.0/debian/patches/0001-cmap-malloc-fail-test-5710.patch 1970-01-01 00:00:00.000000000 +0000
+++ harfbuzz-10.2.0/debian/patches/0001-cmap-malloc-fail-test-5710.patch 2026-05-07 08:40:06.000000000 +0000
@@ -0,0 +1,28 @@
+From f471988ee05970d852f5187839add7ef5199cee2 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod
+Date: Fri, 9 Jan 2026 04:54:42 -0700
+Subject: [cmap] malloc fail test (#5710)
+
+Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
+---
+ src/hb-ot-cmap-table.hh | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh
+index 7a7a77ad5..e3f428695 100644
+--- a/src/hb-ot-cmap-table.hh
++++ b/src/hb-ot-cmap-table.hh
+@@ -1683,6 +1683,10 @@ struct SubtableUnicodesCache {
+ {
+ SubtableUnicodesCache* cache =
+ (SubtableUnicodesCache*) hb_malloc (sizeof(SubtableUnicodesCache));
++
++ if (unlikely (!cache))
++ return nullptr;
++
+ new (cache) SubtableUnicodesCache (source_table);
+ return cache;
+ }
+--
+2.47.3
+
diff -Nru harfbuzz-10.2.0/debian/patches/series harfbuzz-10.2.0/debian/patches/series
--- harfbuzz-10.2.0/debian/patches/series 2025-01-14 21:20:38.000000000 +0000
+++ harfbuzz-10.2.0/debian/patches/series 2026-05-07 08:40:26.000000000 +0000
@@ -0,0 +1 @@
+0001-cmap-malloc-fail-test-5710.patch
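Review bot: In the backported `src/hb-ot-cmap-table.hh` hunk, the added `return nullptr;` makes a null result part of the contract of SubtableUnicodesCache::create, yet the patch changes only these four lines, so the callers that receive that pointer are not visible here. Before the fix the placement `new (cache)` ran on the result of a failed `hb_malloc`; if any caller in the 10.2.0 tree still dereferences the returned pointer without a check, the same crash would only move one frame up, so this is worth confirming against the stable source rather than assuming from upstream. I would also document the new behaviour above the function, e.g. `/* Returns nullptr if allocation fails; the caller must check before use. */`. The function's signature and opening lines lie outside the hunk.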