#1112133 biosig: CVE-2025-54494 CVE-2025-54493 CVE-2025-54492 CVE-2025-54491 CVE-2025-54490 CVE-2025-54489 CVE-2025-54488 CVE-2025-54487 CVE-2025-54486 CVE-2025-54485 CVE-2025-54484 CVE-2025-54483 CVE-2025-54482 CVE-2025-54481 CVE-2025-54480 CVE-2025-54462 CVE-2025-53853 CVE-2025-53557 CVE-2025-53518 CVE-2025-53511 CVE-2025-52581 CVE-2025-52461 CVE-2025-48005 CVE-2025-46411

Package:
src:biosig
Source:
src:biosig
Submitter:
Salvatore Bonaccorso
Date:
2026-04-26 09:23:02 UTC
Severity:
normal
Tags:
#1112133#5
Date:
2025-08-26 19:18:31 UTC
From:
To:
Hi,

The following vulnerabilities were published for biosig.

CVE-2025-54494[0]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 9205 of biosig.c on the current master branch (35a819fa), when the
| Tag is 133:
|
|     else if (tag==133)    //0x85
|     {
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54493[1]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 9184 of biosig.c on the current master branch (35a819fa), when the
| Tag is 131:
|
|     else if (tag==131)    //0x83
|     {
|         // Patient Age
|         if (len!=7) fprintf(stderr,"Warning MFER tag131 incorrect length %i!=7\n",len);
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54492[2]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 9141 of biosig.c on the current master branch (35a819fa), when the
| Tag is 67:
|
|     else if (tag==67)     //0x43: Sample skew
|     {
|         int skew=0;     // [1]
|         curPos += ifread(&skew, 1, len,hdr);
|
| In this case, the address of the newly-defined integer `skew` [1] is
| overflowed instead of `buf`. This means a stack overflow can occur
| using much smaller values of `len` in this code path.


CVE-2025-54491[3]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 9191 of biosig.c on the current master branch (35a819fa), when the
| Tag is 65:
|
|     else if (tag==65)     //0x41: patient event
|     {
|         // event table
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54490[4]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 9090 of biosig.c on the current master branch (35a819fa), when the
| Tag is 64:
|
|     else if (tag==64)     //0x40
|     {
|         // preamble
|         char tmp[256];  // [1]
|         curPos += ifread(tmp,1,len,hdr);
|
| In this case, the overflowed buffer is the newly-declared `tmp` [1]
| instead of `buf`. While `tmp` is larger than `buf`, having a size of
| 256 bytes, a stack overflow can still occur in cases where `len` is
| encoded using multiple octets and is greater than 256.


CVE-2025-54489[5]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8970 of biosig.c on the current master branch (35a819fa), when the
| Tag is 63:
|
|     else if (tag==63) {
|         uint8_t tag2=255, len2=255;
|         count = 0;
|         while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){
|             curPos += ifread(&tag2,1,1,hdr);
|             curPos += ifread(&len2,1,1,hdr);
|             if (VERBOSE_LEVEL==9)
|                 fprintf(stdout,"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\n",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count);
|             if (FlagInfiniteLength && len2==0 && tag2==0) break;
|             count  += (2+len2);
|             curPos += ifread(&buf,1,len2,hdr);
|
| Here, the number of bytes read is not the Data Length decoded from the
| current frame in the file (`len`) but rather is a new length contained
| in a single octet read from the same input file (`len2`). Despite
| this, a stack-based buffer overflow condition can still occur, as the
| destination buffer is still `buf`, which has a size of only 128 bytes,
| while `len2` can be as large as 255.


CVE-2025-54488[6]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8850 of biosig.c on the current master branch (35a819fa), when the
| Tag is 13:
|
|     else if (tag==13) {
|         if (len>8) fprintf(stderr,"Warning MFER tag13 incorrect length %i>8\n",len);
|         curPos += ifread(&buf,1,len,hdr);


CVE-2025-54487[7]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8842 of biosig.c on the current master branch (35a819fa), when the
| Tag is 12:
|
|     else if (tag==12)    //0x0C
|     {
|         // sampling resolution
|         if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len);
|         val32   = 0;
|         int8_t  v8;
|         curPos += ifread(&UnitCode,1,1,hdr);
|         curPos += ifread(&v8,1,1,hdr);
|         curPos += ifread(buf,1,len-2,hdr);
|
| In addition to values of `len` greater than 130 triggering a buffer
| overflow, a value of `len` smaller than 2 will also trigger a buffer
| overflow due to an integer underflow when computing `len-2` in this
| code path.


CVE-2025-54486[8]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8824 of biosig.c on the current master branch (35a819fa), when the
| Tag is 11:
|
|     else if (tag==11)    //0x0B
|     {
|         // Fs
|         if (len>6) fprintf(stderr,"Warning MFER tag11 incorrect length %i>6\n",len);
|         double  fval;
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54485[9]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8785 of biosig.c on the current master branch (35a819fa), when the
| Tag is 8:
|
|     else if (tag==8) {
|         if (len>2) fprintf(stderr,"Warning MFER tag8 incorrect length %i>2\n",len);
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54484[10]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8779 of biosig.c on the current master branch (35a819fa), when the
| Tag is 6:
|
|     else if (tag==6)    // 0x06 "number of sequences"
|     {
|         // NRec
|         if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len);
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54483[11]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8759 of biosig.c on the current master branch (35a819fa), when the
| Tag is 5:
|
|     else if (tag==5)    //0x05: number of channels
|     {
|         uint16_t oldNS=hdr->NS;
|         if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len);
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54482[12]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8751 of biosig.c on the current master branch (35a819fa), when the
| Tag is 4:
|
|     else if (tag==4) {
|         // SPR
|         if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
|         curPos += ifread(buf,1,len,hdr);


CVE-2025-54481[13]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8744 of biosig.c on the current master branch (35a819fa), when the
| Tag is 3:
|
|     else if (tag==3) {
|         // character code
|         char v[17];             // [1]
|         if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len);
|         curPos += ifread(&v,1,len,hdr);
|         v[len] = 0;
|
| In this case, the overflowed buffer is the newly-declared `v` [1]
| instead of `buf`. Since `v` is only 17 bytes large, much smaller
| values of `len` (even those encoded using a single octet) can trigger
| an overflow in this code path.


CVE-2025-54480[14]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability. This vulnerability manifests on line
| 8719 of biosig.c on the current master branch (35a819fa), when the
| Tag is 0:
|
|     if (tag==0) {
|         if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len);
|         curPos += ifread(buf,1,len,hdr);
|     }


CVE-2025-54462[15]:
| A heap-based buffer overflow vulnerability exists in the Nex parsing
| functionality of The Biosig Project libbiosig 3.9.0 and Master
| Branch (35a819fa). A specially crafted .nex file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


CVE-2025-53853[16]:
| A heap-based buffer overflow vulnerability exists in the ISHNE
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted ISHNE ECG annotations
| file can lead to arbitrary code execution. An attacker can provide a
| malicious file to trigger this vulnerability.


CVE-2025-53557[17]:
| A heap-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


CVE-2025-53518[18]:
| An integer overflow vulnerability exists in the ABF parsing
| functionality of The Biosig Project libbiosig 3.9.0 and Master
| Branch (35a819fa). A specially crafted ABF file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


CVE-2025-53511[19]:
| A heap-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


CVE-2025-52581[20]:
| An integer overflow vulnerability exists in the GDF parsing
| functionality of The Biosig Project libbiosig 3.9.0 and Master
| Branch (35a819fa). A specially crafted GDF file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


CVE-2025-52461[21]:
| An out-of-bounds read vulnerability exists in the Nex parsing
| functionality of The Biosig Project libbiosig 3.9.0 and Master
| Branch (35a819fa). A specially crafted .nex file can lead to an
| information leak. An attacker can provide a malicious file to
| trigger this vulnerability.


CVE-2025-48005[22]:
| A heap-based buffer overflow vulnerability exists in the RHS2000
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted RHS2000 file can lead
| to arbitrary code execution. An attacker can provide a malicious
| file to trigger this vulnerability.


CVE-2025-46411[23]:
| A stack-based buffer overflow vulnerability exists in the MFER
| parsing functionality of The Biosig Project libbiosig 3.9.0 and
| Master Branch (35a819fa). A specially crafted MFER file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54494
https://www.cve.org/CVERecord?id=CVE-2025-54494
[1] https://security-tracker.debian.org/tracker/CVE-2025-54493
https://www.cve.org/CVERecord?id=CVE-2025-54493
[2] https://security-tracker.debian.org/tracker/CVE-2025-54492
https://www.cve.org/CVERecord?id=CVE-2025-54492
[3] https://security-tracker.debian.org/tracker/CVE-2025-54491
https://www.cve.org/CVERecord?id=CVE-2025-54491
[4] https://security-tracker.debian.org/tracker/CVE-2025-54490
https://www.cve.org/CVERecord?id=CVE-2025-54490
[5] https://security-tracker.debian.org/tracker/CVE-2025-54489
https://www.cve.org/CVERecord?id=CVE-2025-54489
[6] https://security-tracker.debian.org/tracker/CVE-2025-54488
https://www.cve.org/CVERecord?id=CVE-2025-54488
[7] https://security-tracker.debian.org/tracker/CVE-2025-54487
https://www.cve.org/CVERecord?id=CVE-2025-54487
[8] https://security-tracker.debian.org/tracker/CVE-2025-54486
https://www.cve.org/CVERecord?id=CVE-2025-54486
[9] https://security-tracker.debian.org/tracker/CVE-2025-54485
https://www.cve.org/CVERecord?id=CVE-2025-54485
[10] https://security-tracker.debian.org/tracker/CVE-2025-54484
https://www.cve.org/CVERecord?id=CVE-2025-54484
[11] https://security-tracker.debian.org/tracker/CVE-2025-54483
https://www.cve.org/CVERecord?id=CVE-2025-54483
[12] https://security-tracker.debian.org/tracker/CVE-2025-54482
https://www.cve.org/CVERecord?id=CVE-2025-54482
[13] https://security-tracker.debian.org/tracker/CVE-2025-54481
https://www.cve.org/CVERecord?id=CVE-2025-54481
[14] https://security-tracker.debian.org/tracker/CVE-2025-54480
https://www.cve.org/CVERecord?id=CVE-2025-54480
[15] https://security-tracker.debian.org/tracker/CVE-2025-54462
https://www.cve.org/CVERecord?id=CVE-2025-54462
[16] https://security-tracker.debian.org/tracker/CVE-2025-53853
https://www.cve.org/CVERecord?id=CVE-2025-53853
[17] https://security-tracker.debian.org/tracker/CVE-2025-53557
https://www.cve.org/CVERecord?id=CVE-2025-53557
[18] https://security-tracker.debian.org/tracker/CVE-2025-53518
https://www.cve.org/CVERecord?id=CVE-2025-53518
[19] https://security-tracker.debian.org/tracker/CVE-2025-53511
https://www.cve.org/CVERecord?id=CVE-2025-53511
[20] https://security-tracker.debian.org/tracker/CVE-2025-52581
https://www.cve.org/CVERecord?id=CVE-2025-52581
[21] https://security-tracker.debian.org/tracker/CVE-2025-52461
https://www.cve.org/CVERecord?id=CVE-2025-52461
[22] https://security-tracker.debian.org/tracker/CVE-2025-48005
https://www.cve.org/CVERecord?id=CVE-2025-48005
[23] https://security-tracker.debian.org/tracker/CVE-2025-46411
https://www.cve.org/CVERecord?id=CVE-2025-46411
[24] https://sourceforge.net/p/biosig/mailman/message/59224259/

Regards,
Salvatore

#1112133#10
Date:
2025-08-31 21:27:12 UTC
From:
To:
Attached are patches to fix a number of security vulnerabilities in
biosig 3.9.0 [1,2]. The numbers indicate the last 20 patches from
upstream [3,4]. Only those patches relevant for these CVEs are
discussed here:

The patches 0005 - 0009 are fixing:
CVE-2025-48005 <https://security-tracker.debian.org/tracker/CVE-2025-48005>
CVE-2025-52461 <https://security-tracker.debian.org/tracker/CVE-2025-52461>
CVE-2025-52581 <https://security-tracker.debian.org/tracker/CVE-2025-52581>
CVE-2025-53518 <https://security-tracker.debian.org/tracker/CVE-2025-53518>
CVE-2025-53853 <https://security-tracker.debian.org/tracker/CVE-2025-53853>
CVE-2025-54462 <https://security-tracker.debian.org/tracker/CVE-2025-54462>

Moreover, patches 0010 and 0020 are trying to address all issues in the
MFER implementation, namely
CVE-2025-46411 <https://security-tracker.debian.org/tracker/CVE-2025-46411>
CVE-2025-53511 <https://security-tracker.debian.org/tracker/CVE-2025-53511>
CVE-2025-53557 <https://security-tracker.debian.org/tracker/CVE-2025-53557>
CVE-2025-54480
<https://security-tracker.debian.org/tracker/CVE-2025-54480> -
CVE-2025-54494
<https://security-tracker.debian.org/tracker/CVE-2025-54494> (15 CVEs)

However, because of the (large) number of security issues in the
implementation of the support for MFER format, further checks might be
in order.

So, patch 0019 guards against unintended use of MFER. It disables
support for reading MFER and thereby disables a possible attack vector
from malicious MFER data.

MFER files can be read only when the environment variable
    BIOSIG_MFER_TRUST_INPUT=1
is set. Those who rely on Biosig supporting MFER can set that flag.
However, this should only be done when the file comes from a trusted
source, and it is safe to assume that there is no malicious intent. I'm
aware that the need to set this flag will come at a cost for those
users who rely on MFER support. If that is affecting you in a negative
way, please get in contact with me, so that we can discuss an action
plan for how to address this best and guarantee that the implementation
for MFER support is safe to use under all conditions.

Cheers, and stay safe,

    Alois


P.S.: The attached patches should be sufficient to address Debian bug
#1112133, and should be sufficient for patching biosig 3.9.0.
If you use biosig 3.9.1, only patch 0019 (and optionally 0020) is needed.


[1] https://security-tracker.debian.org/tracker/source-package/biosig
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133.
[3]  https://git.code.sf.net/p/biosig/code
[4] https://git.ista.ac.at/alois.schloegl/biosig/-/commits/master?search=CVE
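
The quoted CVE snippets all share one shape: `len` comes straight out of the file and is handed to `ifread()` with a fixed-size stack destination (the 128-byte `buf`, `v[17]`, `tmp[256]`, or an `int`), and the tag 12 handler subtracts 2 from it before anything is checked. The block below is an added example; it is not biosig code and not one of the patches attached to this bug. It re-implements the read step with the length bounded by the destination's capacity before any byte is copied, rejects the `len < 2` case that makes `len-2` wrap, decodes a multi-octet length (BER-style encoding is my assumption, chosen to show how `len` can exceed 255), and ends with an opt-in gate modelled on the `BIOSIG_MFER_TRUST_INPUT=1` switch of patch 0019. `mem_file`, `mem_read`, `walk_mfer_stream`, the error codes, the per-tag capacity table and the sample byte streams are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed in-memory stand-in for the file handle ifread() reads from in the
 * quoted snippets; mem_read() keeps its (dst, size, nmemb, handle) shape. */
typedef struct { const uint8_t *data; size_t size; size_t pos; } mem_file;

static size_t mem_read(void *dst, size_t size, size_t nmemb, mem_file *f) {
    size_t want = size * nmemb, avail = f->size - f->pos;
    size_t n = want < avail ? want : avail;
    memcpy(dst, f->data + f->pos, n);
    f->pos += n;
    return n;                   /* like fread(): a short count means truncated input */
}

enum { MFER_OK = 0, MFER_ERR_LEN_TOO_LONG = -1, MFER_ERR_LEN_TOO_SHORT = -2,
       MFER_ERR_TRUNCATED = -3, MFER_ERR_BAD_LENGTH_ENCODING = -4 };

/* Decode a tag length. Assumption: BER-style form, a single octet if < 0x80, else the
 * low 7 bits count the big-endian octets that follow. That multi-octet form is how
 * the report's `len` can exceed 255 (the tmp[256] case of CVE-2025-54490). */
static int decode_len(mem_file *f, size_t *len_out) {
    uint8_t b;
    if (mem_read(&b, 1, 1, f) != 1) return MFER_ERR_TRUNCATED;
    if (b < 0x80) { *len_out = b; return MFER_OK; }
    unsigned n = b & 0x7f;
    if (n == 0 || n > sizeof(size_t)) return MFER_ERR_BAD_LENGTH_ENCODING;
    size_t len = 0;
    for (unsigned i = 0; i < n; i++) {
        if (mem_read(&b, 1, 1, f) != 1) return MFER_ERR_TRUNCATED;
        len = (len << 8) | b;
    }
    *len_out = len;
    return MFER_OK;
}

/* Capacity of the destination each quoted handler copies into: tag 3 has char v[17],
 * tag 64 char tmp[256], tag 67 an int, every other tag the 128-byte buf. */
static size_t dest_capacity(uint8_t tag) {
    return tag == 3 ? 17 : tag == 64 ? 256 : tag == 67 ? sizeof(int) : 128;
}

/* Hardened form of `curPos += ifread(buf,1,len,hdr);`: len is bounded by the
 * destination capacity before any byte is copied, and a short read is an error. */
static int read_payload_checked(uint8_t *dst, size_t cap, size_t len, mem_file *f) {
    if (len > cap) return MFER_ERR_LEN_TOO_LONG;
    if (mem_read(dst, 1, len, f) != len) return MFER_ERR_TRUNCATED;
    return MFER_OK;
}

/* Tag 12 form: `ifread(buf,1,len-2,hdr)` wraps when len < 2 (CVE-2025-54487), so the
 * lower bound is checked before the subtraction; the upper bound is checked after. */
static int read_tag12_checked(uint8_t *dst, size_t cap, size_t len, mem_file *f) {
    uint8_t unit_code; int8_t v8;
    if (len < 2) return MFER_ERR_LEN_TOO_SHORT;
    if (mem_read(&unit_code, 1, 1, f) != 1 || mem_read(&v8, 1, 1, f) != 1)
        return MFER_ERR_TRUNCATED;
    return read_payload_checked(dst, cap, len - 2, f);
}

/* Walk a tag/length/value stream into one fixed stack buffer and stop at the first
 * malformed frame. Returns the frames accepted; *err is MFER_OK only if the whole
 * stream was consumed cleanly. */
static int walk_mfer_stream(const uint8_t *data, size_t size, int *err) {
    mem_file f = { data, size, 0 };
    uint8_t buf[256];
    int frames = 0;
    *err = MFER_OK;
    while (f.pos < f.size) {
        uint8_t tag; size_t len;
        if (mem_read(&tag, 1, 1, &f) != 1) { *err = MFER_ERR_TRUNCATED; break; }
        if ((*err = decode_len(&f, &len)) != MFER_OK) break;
        *err = (tag == 12) ? read_tag12_checked(buf, dest_capacity(tag), len, &f)
                           : read_payload_checked(buf, dest_capacity(tag), len, &f);
        if (*err != MFER_OK) break;
        frames++;
    }
    return frames;
}
static int stream_error(const uint8_t *s, size_t n) { int e; walk_mfer_stream(s, n, &e); return e; }
static int stream_frames(const uint8_t *s, size_t n) { int e; return walk_mfer_stream(s, n, &e); }

/* Opt-in gate in the spirit of patch 0019 (hypothetical reimplementation): MFER data is
 * parsed only when BIOSIG_MFER_TRUST_INPUT is set to exactly "1"; anything else fails closed. */
static int mfer_input_trusted_value(const char *v) { return v != NULL && strcmp(v, "1") == 0; }
int mfer_input_trusted(void) { return mfer_input_trusted_value(getenv("BIOSIG_MFER_TRUST_INPUT")); }

/* Constructed sample streams, not taken from any real MFER file. */
static const uint8_t sample_ok[]          = { 0, 1, 0x01, 12, 4, 0x01, 0x00, 0xAA, 0xBB };
static const uint8_t sample_tag3_long[]   = { 3, 40, 0x00 };            /* 40 > v[17]       */
static const uint8_t sample_tag12_short[] = { 12, 1, 0x00 };            /* len-2 would wrap */
static const uint8_t sample_tag64_multi[] = { 64, 0x82, 0x01, 0x20 };   /* 288 > tmp[256]   */
static const uint8_t sample_truncated[]   = { 0, 5, 0x01, 0x02 };       /* claims 5, has 2  */
```

A caller would consult `mfer_input_trusted()` once before parsing and skip MFER entirely when it returns 0, which is the fail-closed default the patch 0019 description gives. The capacity table is the part that has to track the real handlers' locals if a check like this is ported: the bound must be the size of the actual destination (`v[17]`, `tmp[256]`, the `int skew`), not a single global constant.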

#1112133#15
Date:
2025-09-01 03:54:25 UTC
From:
To:
Hi,

In my opinion it would be best for unstable/forky to just go to the
3.9.1 + patches variant.

For trixie and older we marked those issues no-dsa, and if we are
confident enough batching them in a future point release would be
great. But I think priority should go top-down so get issues first
addressed in unstable/forky, then down to trixie and bookworm. Do you
agree?

Regards,
Salvatore

#1112133#20
Date:
2025-12-02 10:52:20 UTC
From:
To:
Hi Alois,

On Sun, Aug 31, 2025 at 11:27:12PM +0200, Alois Schlögl wrote:

I've seen you released version 3.9.1.  I injected the new source into
Salsa.  Are those patches included into this new version and would this
version close this bug?

Kind regards
    Andreas.

#1112133#25
Date:
2025-12-02 12:45:25 UTC
From:
To:
On 02.12.25 at 11:52 AM, Andreas Tille wrote:

Hi Andreas,

Release v3.9.1 addresses a number of the reported CVEs but not all.
Some MFER parsing issues are only addressed in some later commits.
The other CVEs (related to GDF, NEX, ABF, RHS2000, BrainVision) are
addressed by v3.9.1.

I'm planning to release 3.9.2 within the next 5 weeks; this will fix
the other known security issues as well as a number of other bugs.
Again, the ABI will not change. If 5 weeks is too much, I can check
whether I can push this forward.


Kind regards,
    Alois

#1112133#30
Date:
2025-12-02 19:03:39 UTC
From:
To:
Hi Alois,

On Tue, Dec 02, 2025 at 01:45:25PM +0100, Alois Schlögl wrote:

Thank you for the confirmation.

I personally have no pressure, just stumbled upon a bug that could / should
be fixed with the effort of a simple upgrade to latest upstream.

Just ping on the Debian Med list + this bug once you have released the
next version and whether it might fix this bug.

Kind regards
      Andreas.

#1112133#35
Date:
2025-12-10 21:59:36 UTC
From:
To:
biosig v3.9.2 is available.

It comes with improved support of several data formats, and addresses a
number of known and potential vulnerabilities.
Find below a detailed list of improvements. It's definitely worth
upgrading.

The ABI has not changed, so in case of dynamic linking, you can just
replace libbiosig.so and you are all set. In case of static linking,
you need to recompile your application.

As usual, downloads are available from here:
https://biosig.sourceforge.net/download.html


= Changes in v3.9.2

* Improved support of data formats:

- ABF1 && ABF2: several improvements:
         some scaling issues were addressed
         support for nOperationsMode=5 (Episodic Stimulation Mode) added

- FEF support improved;
         Files from CNSystem's Taskmonitor can now be opened.

- XML-based formats:
         disable use of internal copy of tinyxml, support for XML-based
formats
         will depend on the host providing tinyxml at build-time
         This avoids compilation errors on some platforms (Mac Ports?).

* Security-related improvement:
- MFER:
         add guard against unintended and potentially unsafe use of MFER
         In order to read MFER data, you need to set the environment
variable
                 set BIOSIG_MFER_TRUST_INPUT=1


* Debian bug #1112133 is now fixed. This addresses all
CVE-2025-54494 CVE-2025-54493 CVE-2025-54492 CVE-2025-54491
CVE-2025-54490 CVE-2025-54489 CVE-2025-54488 CVE-2025-54487
CVE-2025-54486 CVE-2025-54485 CVE-2025-54484 CVE-2025-54483
CVE-2025-54482 CVE-2025-54481 CVE-2025-54480 CVE-2025-54462
CVE-2025-53853 CVE-2025-53557 CVE-2025-53518 CVE-2025-53511
CVE-2025-52581 CVE-2025-52461 CVE-2025-48005 CVE-2025-46411

Contrary to the announcement for release v3.9.1, some MFER-related issues
were not fixed then; these are fixed now. These changes also address
the vulnerability report TALOS-2025-2296 and a few similar issues.


* Platform support:
- New: Python 3.14



Enjoy. Merry Christmas and best Season's greetings,

     Alois

#1112133#42
Date:
2026-02-16 22:11:03 UTC
From:
To:

Hi Andreas,


these and other vulnerabilities have been addressed in the "biosig
3.9.3". API/ABI compatibility is maintained; the changes are mostly
fixing security vulnerabilities, so this might make it an eligible upgrade
in stable-security (or at least for adding to backports).

Please note that the debian/control file in salsa seems to miss some build
dependencies. This patch should fix this (see also bug 1124146).


diff --git a/release/debian/control b/release/debian/control
index 4ea71d8b..37223977 100644
--- a/release/debian/control
+++ b/release/debian/control
@@ -10,6 +10,8 @@ Build-Depends: debhelper-compat (= 13),
                 d-shlibs,
                 gawk,
                 python3-setuptools,
+               python3-venv,
+               python3-build,
                 python3-all-dev,
                 python3-numpy,
                 zlib1g-dev,
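Review bot: the hunk is against release/debian/control in the upstream tree, while the message says the missing build dependencies are in the debian/control file on salsa; applied to the packaging repository as-is it will not find the file, so either regenerate it against debian/control there or strip the extra leading component when applying (patch -p2 instead of -p1). It would also help to record in the changelog which build step needs python3-venv and python3-build, so the two entries are not later dropped as unused; the 3.9.5-1 upload further down this bug does exactly that with "Build-Depends: python3-venv, python3-build, Closes: #1124146" next to "use pybuild".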



Cheers,
    Alois

#1112133#47
Date:
2026-04-26 09:20:52 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
biosig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1112133@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated biosig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 26 Apr 2026 10:35:51 +0200
Source: biosig
Architecture: source
Version: 3.9.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Closes: 1112133 1122863 1124146 1130889
Changes:
 biosig (3.9.5-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Andreas Tille ]
   * New upstream version
     Closes: #1112133, #1122863, #1130889
   * d/watch: version=5
   * New upstream version
   * Fix clean target
   * Remove Priority field to comply with Debian Policy 4.7.3 (routine-
     update)
   * Standards-Version: 4.7.4 (routine-update)
   * debputy lint --auto-fix (routine-update)
   * use pybuild
 .
   [ Santiago Vila ]
   * Build-Depends: python3-venv, python3-build
     Closes: #1124146
Checksums-Sha1:
 42c2990f5a1bb123d03a9f8030a518279d7ab3ca 2514 biosig_3.9.5-1.dsc
 6281a49a1dba58ee66fcbbd3e9d7c1b74188af40 1900140 biosig_3.9.5.orig.tar.xz
 9b9d2a69d8ddc3f849b8d66c7bb826824796eddd 15200 biosig_3.9.5-1.debian.tar.xz
 1c689d37cbb1b7ecf60d027311ef5fd1d1b8e381 27506 biosig_3.9.5-1_amd64.buildinfo
Checksums-Sha256:
 edfbdbc298f24287e1a3e05f0f7dbeccf91708dbd02319dffcf6b9c02cc5e02e 2514 biosig_3.9.5-1.dsc
 dfdb7aec5ac9681f25e3c186a5b356d5ec86cda87cdcb034d38e838f875cc3f1 1900140 biosig_3.9.5.orig.tar.xz
 fe8bfa68949d28719507c328b6178a4154b0a0c849640c34c14d926ae1c44e2f 15200 biosig_3.9.5-1.debian.tar.xz
 6af355783328483db28cee9434c90fcc0e792f486431572e36573946552492ad 27506 biosig_3.9.5-1_amd64.buildinfo
Files:
 1dea0c06068ed57f79b8653b1b6cef6e 2514 science optional biosig_3.9.5-1.dsc
 5cf2c7de4b91753f305a4f46aa44cc60 1900140 science optional biosig_3.9.5.orig.tar.xz
 19ce93966f283ba876f5f7bbfec17960 15200 science optional biosig_3.9.5-1.debian.tar.xz
 bacf2e711454ccb9f667dd6da15d426c 27506 science optional biosig_3.9.5-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmnt01IRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtGYWw/+Puek+tP6Sm4zDrSIqmCjC5r7YWjQMkZ6
aIVgkvaHuztIol8HuwLebG+9HxIJy3OGZ3hPHan/ppCqJwZSMz3CwZhyb2oF42WA
IGdjZWCPGrA7Z/mXgMy2UCAuG5ZT2rM22DSfMpterwQgFoOO1ST9l/Or8/+sf912
b3zh3fvWumvppNfmjmrymRNiLhaHEsJ2oNBkTbhQnQaWABdytpTcNR5WoGKQrvA4
r7LT1n5+E1PIJgwcFHBs7ozHOd2vhhnUgLARFmMZhFXhLUZ2U1X8mBrBHaycP/RP
+3tS80iHhT6ojHa+aRy8aTak+FOYLxNDAiUjno0PwBX9mZR5YCWtdQpLouYuR16E
o8iVQqEHgffe0Yi10TCQ1UI1oBdjpuc9x4EgzjiI3I/mnfLlZ4CDMUvDuS4u4dlC
JQ0So4aKX4RxunJxmu3qTuWZ8+9H7uhjMg/dxHlzUSV1LRW/lP/fY74ZCroBbTHM
lpZoT/RI9yUXMPy6KJOKXiLUAtSjKLkGAIPlytHiPcpzUtRAn6D2YJr25v5jfqlf
KbCrWQDMXevA3Onqj4yd1rsy/+861v+YJBpD/BldPzSjKP9HS7kMVVYD66GpCP7q
yJZXC2/awDOY4+aK5LWgk6QHR0dpTsiHbjOZpxM/2RdKsTVEH80WjCAuuy3A3j+z
cFuRnxUzato=
=q/BZ
-----END PGP SIGNATURE-----