#1140695 trixie-pu: package libass/1:0.17.3-1+deb13u1

#1140695#5
Date: 2026-06-24 17:47:24 UTC
From:
To:
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: libass@packages.debian.org, sramacher@debian.org
Control: affects -1 + src:libass
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
The update contains an upstream-provided fix for an out-of-bounds read
and write issue with a malicious ASS file. The issue is tracked as
GHSA-pjjp-65r7-ppgm.

https://github.com/libass/libass/security/advisories/GHSA-pjjp-65r7-ppgm

The same fix is included in 1:0.17.5-1 in unstable.

[ Impact ]
A security issue remains unfixed.

[ Tests ]
None, backport of an upstream-provided fix.

[ Risks ]
Regressions would also affect unstable and we can backport necessary
fixes in future stable updates.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Patch from upstream and an undocumented update for debian/gbp.conf to
track the correct branches.

[ Other info ]
I have already uploaded the changes.

Cheers