Version in base suite: 3.4.1+dfsg-7 Base version: openslide_3.4.1+dfsg-7 Target version: openslide_3.4.1+dfsg-7+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openslide/openslide_3.4.1+dfsg-7.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openslide/openslide_3.4.1+dfsg-7+deb13u1.dsc changelog | 9 +++++++++ patches/CVE-2026-48977.patch | 28 ++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 38 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpglj_76qq/openslide_3.4.1+dfsg-7.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpglj_76qq/openslide_3.4.1+dfsg-7+deb13u1.dsc: no acceptable signature found
diff -Nru openslide-3.4.1+dfsg/debian/changelog openslide-3.4.1+dfsg/debian/changelog
--- openslide-3.4.1+dfsg/debian/changelog 2023-08-24 23:17:26.000000000 +0000
+++ openslide-3.4.1+dfsg/debian/changelog 2026-06-14 17:17:44.000000000 +0000
@@ -1,3 +1,12 @@
+openslide (3.4.1+dfsg-7+deb13u1) trixie; urgency=medium
+
+ * CVE-2026-48977.patch: new: fix CVE-2026-48977.
+ The change lacks attempt to apply the test case, because the binary
+ representation of a newly introduced test file is not possible in the
+ patch. (Closes: #1140003)
+
+ -- Étienne Mollier Sun, 14 Jun 2026 19:17:44 +0200
+
 openslide (3.4.1+dfsg-7) unstable; urgency=medium
 
 * Non-maintainer upload.
diff -Nru openslide-3.4.1+dfsg/debian/patches/CVE-2026-48977.patch openslide-3.4.1+dfsg/debian/patches/CVE-2026-48977.patch
--- openslide-3.4.1+dfsg/debian/patches/CVE-2026-48977.patch 1970-01-01 00:00:00.000000000 +0000
+++ openslide-3.4.1+dfsg/debian/patches/CVE-2026-48977.patch 2026-06-14 17:17:44.000000000 +0000
@@ -0,0 +1,28 @@
+Applied-Upstream: 2be88bd782d9fff46de8e56a99baca523e7917b3
+Author: Benjamin Gilbert
+Last-Update: 2026-06-14
+Description: ventana: fail if area has invalid tile count
+ Reported-by: Erik Lening
+ Signed-off-by: Benjamin Gilbert
+ .
+ This Debian-specific patch lacks implementation of the test case due to
+ technical unability to represent the OS-2.bif.xdelta within a quilt
+ patch.
+Reviewed-By: Étienne Mollier
+Bug-Debian: https://bugs.debian.org/1140003
+
+--- openslide.orig/src/openslide-vendor-ventana.c
++++ openslide/src/openslide-vendor-ventana.c
+@@ -524,6 +524,12 @@
+ // get tile counts
+ PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_COLS, area->tiles_across);
+ PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_ROWS, area->tiles_down);
++ if (area->tiles_across < 1 || area->tiles_down < 1) {
++ g_set_error(err, OPENSLIDE_ERROR, OPENSLIDE_ERROR_FAILED,
++ "Area has invalid tile count %"PRId64"x%"PRId64,
++ area->tiles_across, area->tiles_down);
++ goto FAIL;
++ }
+
+ // get position
+ // it seems these are always whole numbers, but they are sometimes
diff -Nru openslide-3.4.1+dfsg/debian/patches/series openslide-3.4.1+dfsg/debian/patches/series
--- openslide-3.4.1+dfsg/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ openslide-3.4.1+dfsg/debian/patches/series 2026-06-14 17:17:44.000000000 +0000
@@ -0,0 +1 @@
+CVE-2026-48977.patch
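Review bot: The guard added after the ATTR_NUM_ROWS parse only enforces a lower bound on area->tiles_across and area->tiles_down; nothing in this hunk bounds them from above, so if the enclosing function (which starts and ends outside the hunk) later multiplies the two counts or uses them to size an allocation, a product overflow on these int64 values would still need its own check — that cannot be confirmed from here and is worth verifying against the rest of the parser. A short comment on the check would tell the next reader why zero is rejected, e.g. `// An area must contain at least one tile in each direction; reject non-positive counts read from the file (CVE-2026-48977).` The patch header also records that the upstream regression file OS-2.bif.xdelta could not be carried in the quilt patch, so the package build does not exercise this fix; recording in the changelog or the patch header how the change was validated (for example a manual run against the reproducer) would help whoever maintains this backport next.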