Version in base suite: 1.2.2-2
Base version: libsndfile_1.2.2-2
Target version: libsndfile_1.2.2-2+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libsndfile/libsndfile_1.2.2-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libsndfile/libsndfile_1.2.2-2+deb13u1.dsc
 changelog | 6 ++++++
 patches/CVE-2025-56226.patch | 25 +++++++++++++++++++++++++
 patches/series | 1 +
 3 files changed, 32 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpckyzzb7u/libsndfile_1.2.2-2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpckyzzb7u/libsndfile_1.2.2-2+deb13u1.dsc: no acceptable signature found
diff -Nru libsndfile-1.2.2/debian/changelog libsndfile-1.2.2/debian/changelog
--- libsndfile-1.2.2/debian/changelog 2024-12-14 12:50:37.000000000 +0000
+++ libsndfile-1.2.2/debian/changelog 2026-03-04 19:48:11.000000000 +0000
@@ -1,3 +1,9 @@
+libsndfile (1.2.2-2+deb13u1) trixie; urgency=medium
+
+ * CVE-2025-56226 (Closes: #1125674)
+
+ -- Moritz Mühlenhoff Wed, 04 Mar 2026 20:48:11 +0100
+
 libsndfile (1.2.2-2) unstable; urgency=high
 
 [ Fabian Toepfer ]
diff -Nru libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch
--- libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch 1970-01-01 00:00:00.000000000 +0000
+++ libsndfile-1.2.2/debian/patches/CVE-2025-56226.patch 2026-03-04 19:48:08.000000000 +0000
@@ -0,0 +1,25 @@
+From d9a35ea0d5c64c19dd635ae578e0028df8f66d6a Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <43361974+Sisyphus-wang@users.noreply.github.com>
+Date: Fri, 11 Jul 2025 15:14:48 +0800
+Subject: [PATCH] Update mpeg_l3_encode.c
+
+--- libsndfile-1.2.2.orig/src/mpeg_l3_encode.c
++++ libsndfile-1.2.2/src/mpeg_l3_encode.c
+@@ -87,7 +87,8 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, i
+ if (! (pmpeg->lamef = lame_init ()))
+ return SFE_MALLOC_FAILED ;
+
+- pmpeg->compression = -1.0 ; /* Unset */
++ psf->codec_close = mpeg_l3_encoder_close ; /* Set psf->codec_close early*/
++ pmpeg->compression = -1.0 ; /* Unset */
+
+ lame_set_in_samplerate (pmpeg->lamef, psf->sf.samplerate) ;
+ lame_set_num_channels (pmpeg->lamef, psf->sf.channels) ;
+@@ -115,7 +116,6 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, i
+ }
+
+ psf->sf.seekable = 0 ;
+- psf->codec_close = mpeg_l3_encoder_close ;
+ psf->byterate = mpeg_l3_encoder_byterate ;
+ psf->datalength = 0 ;
+
diff -Nru libsndfile-1.2.2/debian/patches/series libsndfile-1.2.2/debian/patches/series
--- libsndfile-1.2.2/debian/patches/series 2024-12-14 12:50:32.000000000 +0000
+++ libsndfile-1.2.2/debian/patches/series 2026-03-04 19:47:56.000000000 +0000
@@ -13,3 +13,4 @@
 CVE-2022-33065/CVE-2022-33065-12.patch
 CVE-2022-33065/CVE-2022-33065-13.patch
 0039-src-ogg-better-error-checking-for-vorbis.-Fixes-1035.patch
+CVE-2025-56226.patch
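Review bot: In debian/patches/CVE-2025-56226.patch, registering `psf->codec_close = mpeg_l3_encoder_close ;` right after `lame_init ()` (inner hunk at -87,7 +87,8) means the close handler can now run on an encoder whose setup stopped part-way, and neither that handler nor the error returns between the two inner hunks are visible here. Before release, confirm that mpeg_l3_encoder_close copes with that state (fields still zero, encoder parameters not yet applied) and does not flush or write output for a stream that never finished initialising. The added comment restates the assignment rather than its purpose; presumably the intent is cleanup on later failures, so something like `/* Register close handler before the error returns below so pmpeg->lamef is released */` would record why the line moved. The patch header also carries only `Subject: [PATCH] Update mpeg_l3_encode.c`, so a one-line description naming the CVE and the upstream origin would help future audits of the series. The body of mpeg_l3_encoder_init starts and ends outside both inner hunks.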