Version in base suite: 1.13.0-6 Base version: poco_1.13.0-6 Target version: poco_1.13.0-6+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/poco/poco_1.13.0-6.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/poco/poco_1.13.0-6+deb13u1.dsc changelog | 8 ++ patches/0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch | 34 ++++++++++ patches/series | 1 3 files changed, 43 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpforlaatp/poco_1.13.0-6.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpforlaatp/poco_1.13.0-6+deb13u1.dsc: no acceptable signature found
diff -Nru poco-1.13.0/debian/changelog poco-1.13.0/debian/changelog
--- poco-1.13.0/debian/changelog 2024-03-17 19:41:11.000000000 +0000
+++ poco-1.13.0/debian/changelog 2026-06-20 18:15:03.000000000 +0000
@@ -1,3 +1,11 @@
+poco (1.13.0-6+deb13u1) trixie; urgency=medium
+
+ * QA upload.
+ * CVE-2025-6375: Segmentation fault in MultipartStreamBuf
+ (Closes: #1108157)
+
+ -- Adrian Bunk Sat, 20 Jun 2026 21:15:03 +0300
+
 poco (1.13.0-6) unstable; urgency=medium
 
 * QA upload
diff -Nru poco-1.13.0/debian/patches/0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch poco-1.13.0/debian/patches/0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch
--- poco-1.13.0/debian/patches/0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch 1970-01-01 00:00:00.000000000 +0000
+++ poco-1.13.0/debian/patches/0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch 2026-06-20 18:14:17.000000000 +0000
@@ -0,0 +1,34 @@
+From 9c10313986291de42c68ea63a5701748682c51e8 Mon Sep 17 00:00:00 2001
+From: Günter Obiltschnig
+Date: Wed, 16 Apr 2025 09:15:33 +0200
+Subject: fix(Net): A SEGV at Net/src/MultipartReader.cpp:164:1 #4915 (move
+ assertion out of ctor)
+
+---
+ Net/src/MultipartReader.cpp | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/Net/src/MultipartReader.cpp b/Net/src/MultipartReader.cpp
+index 24f42c341..df43adacc 100644
+--- a/Net/src/MultipartReader.cpp
++++ b/Net/src/MultipartReader.cpp
+@@ -36,7 +36,6 @@ MultipartStreamBuf::MultipartStreamBuf(std::istream& istr, const std::string& bo
+ _boundary(boundary),
+ _lastPart(false)
+ {
+- poco_assert (!boundary.empty() && boundary.length() < STREAM_BUFFER_SIZE - 6);
+ }
+
+
+@@ -47,7 +46,7 @@ MultipartStreamBuf::~MultipartStreamBuf()
+
+ int MultipartStreamBuf::readFromDevice(char* buffer, std::streamsize length)
+ {
+- poco_assert_dbg (length >= _boundary.length() + 6);
++ poco_assert (!_boundary.empty() && _boundary.length() < length - 6);
+
+ static const int eof = std::char_traits::eof();
+ std::streambuf& buf = *_istr.rdbuf();
+--
+2.47.3
+
diff -Nru poco-1.13.0/debian/patches/series poco-1.13.0/debian/patches/series
--- poco-1.13.0/debian/patches/series 2024-03-17 19:36:37.000000000 +0000
+++ poco-1.13.0/debian/patches/series 2026-06-20 18:15:01.000000000 +0000
@@ -9,3 +9,4 @@
 0010-Disable-SHA2-test-on-platforms-where-it-s-broken.patch
 0011-Set-POCO_NO_FPENVIRONMENT-for-armel.patch
 0012-Disable-failing-tests.patch
+0001-fix-Net-A-SEGV-at-Net-src-MultipartReader.cpp-164-1-.patch
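Review bot: The relocated check in `readFromDevice`, `_boundary.length() < length - 6`, compares an unsigned string length against the signed `std::streamsize length`, so for any `length` below 6 the right-hand side goes negative, converts to a very large unsigned value, and the assertion passes instead of rejecting the call. Writing the bound without a signed subtraction keeps it meaningful for every `length`: `poco_assert (!_boundary.empty() && length > 6 && _boundary.length() < static_cast<std::size_t>(length) - 6);`. The lengths callers actually pass are not visible here, so this may be unreachable in practice, but the boundary is presumably taken from the peer's Content-Type header and this is the only size check visible before the read logic that follows. A short comment above the assertion, such as `// boundary is peer-supplied: reject it here if it cannot fit in the read buffer`, would record why the check must stay a release-mode assertion; the body of `readFromDevice` continues outside the hunk.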