Version in base suite: 2.5.3-2.1~deb13u1 Base version: openjpeg2_2.5.3-2.1~deb13u1 Target version: openjpeg2_2.5.3-2.1~deb13u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openjpeg2/openjpeg2_2.5.3-2.1~deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openjpeg2/openjpeg2_2.5.3-2.1~deb13u2.dsc changelog | 6 ++++++ patches/CVE-2026-6192.patch | 24 ++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 31 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp_ydj2pat/openjpeg2_2.5.3-2.1~deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp_ydj2pat/openjpeg2_2.5.3-2.1~deb13u2.dsc: no acceptable signature found
diff -Nru openjpeg2-2.5.3/debian/changelog openjpeg2-2.5.3/debian/changelog
--- openjpeg2-2.5.3/debian/changelog 2025-08-17 15:30:07.000000000 +0000
+++ openjpeg2-2.5.3/debian/changelog 2026-05-12 13:10:49.000000000 +0000
@@ -1,3 +1,9 @@
+openjpeg2 (2.5.3-2.1~deb13u2) trixie-security; urgency=medium
+
+ * CVE-2026-6192 (Closes: #1133832)
+
+ -- Moritz Mühlenhoff Tue, 12 May 2026 15:10:49 +0200
+
 openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium
 * Non-maintainer upload.
diff -Nru openjpeg2-2.5.3/debian/patches/CVE-2026-6192.patch openjpeg2-2.5.3/debian/patches/CVE-2026-6192.patch
--- openjpeg2-2.5.3/debian/patches/CVE-2026-6192.patch 1970-01-01 00:00:00.000000000 +0000
+++ openjpeg2-2.5.3/debian/patches/CVE-2026-6192.patch 2026-05-12 13:10:45.000000000 +0000
@@ -0,0 +1,24 @@
+From 839936aa33eb8899bbbd80fda02796bb65068951 Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Sun, 5 Apr 2026 13:25:27 +0200
+Subject: [PATCH] opj_pi_initialise_encode() (write code path): avoid potential
+ integer overflow leading to insufficient memory allocation
+
+--- openjpeg2-2.5.3.orig/src/lib/openjp2/pi.c
++++ openjpeg2-2.5.3/src/lib/openjp2/pi.c
+@@ -1694,9 +1694,12 @@ opj_pi_iterator_t *opj_pi_initialise_enc
+ l_current_pi = l_pi;
+
+ /* memory allocation for include*/
+- l_current_pi->include_size = l_tcp->numlayers * l_step_l;
+- l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
+- sizeof(OPJ_INT16));
++ l_current_pi->include = NULL;
++ if (l_step_l <= UINT_MAX / l_tcp->numlayers) {
++ l_current_pi->include_size = l_tcp->numlayers * l_step_l;
++ l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
++ sizeof(OPJ_INT16));
++ }
+ if (!l_current_pi->include) {
+ opj_free(l_tmp_data);
+ opj_free(l_tmp_ptr);
diff -Nru openjpeg2-2.5.3/debian/patches/series openjpeg2-2.5.3/debian/patches/series
--- openjpeg2-2.5.3/debian/patches/series 2025-08-09 15:19:52.000000000 +0000
+++ openjpeg2-2.5.3/debian/patches/series 2026-05-12 13:10:33.000000000 +0000
@@ -1,3 +1,4 @@
 issue878.patch
 man_fix.patch
 0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch
+CVE-2026-6192.patch
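Review bot: The new guard in the pi.c hunk divides by `l_tcp->numlayers` before anything establishes that it is non-zero, so if a zero layer count can reach opj_pi_initialise_encode() on the encode path, `UINT_MAX / l_tcp->numlayers` is undefined behaviour rather than the clean allocation failure the patch intends; nothing in this hunk shows whether encoder setup already rejects numlayers == 0, so that is worth confirming. A self-contained form is `if (l_tcp->numlayers != 0 && l_step_l <= UINT_MAX / l_tcp->numlayers) {`, which on the zero case still falls through to the existing `if (!l_current_pi->include)` cleanup. The overflow check itself is sound for the product stored in `include_size` provided both operands are 32-bit unsigned (presumably OPJ_UINT32 here), and it relies on `UINT_MAX` being in scope from an include outside this hunk. The enclosing function opj_pi_initialise_encode() starts and ends outside the hunk, so the rest of the cleanup path is not visible here.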