-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 May 2025 17:51:18 +0200 Source: libavif Binary: libavif-bin libavif-bin-dbgsym libavif-dev libavif-gdk-pixbuf libavif-gdk-pixbuf-dbgsym libavif15 libavif15-dbgsym Architecture: i386 Version: 0.11.1-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Salvatore Bonaccorso Description: libavif-bin - Library for handling .avif files (utilities) libavif-dev - Library for handling .avif files (development files) libavif-gdk-pixbuf - Library for handling .avif files (GDK pixbuf plugin) libavif15 - Library for handling .avif files Closes: 1105883 1105885 Changes: libavif (0.11.1-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Add integer overflow checks to makeRoom (CVE-2025-48174) (Closes: #1105885) * Avoid integer overflow in (32-bit) int or unsigned int arithmetic operations (CVE-2025-48175) (Closes: #1105883) Checksums-Sha1: 72fca059222d4ab6a0c93b8d1ff9d740c2f97729 116984 libavif-bin-dbgsym_0.11.1-1+deb12u1_i386.deb e81851b19aecd954d01949fb2f97f813c3a234d9 60980 libavif-bin_0.11.1-1+deb12u1_i386.deb 3b42c822ca0beb2a20102d76568d64c386cc4e62 41860 libavif-dev_0.11.1-1+deb12u1_i386.deb d4e50c790ed5cd5f71f3c41e08f091a4fd5c303d 15496 libavif-gdk-pixbuf-dbgsym_0.11.1-1+deb12u1_i386.deb 0cc5465ff792f60423e4e7568a14dc001d2af967 28036 libavif-gdk-pixbuf_0.11.1-1+deb12u1_i386.deb 5c019ed0c73af4030cf899de923b4c44aeebe8f1 203932 libavif15-dbgsym_0.11.1-1+deb12u1_i386.deb 0003061ab65cc59909a49b050199948a49b2e069 101024 libavif15_0.11.1-1+deb12u1_i386.deb 2b59508aeaa0a0182fb01317698c00ee2249e6f3 11602 libavif_0.11.1-1+deb12u1_i386-buildd.buildinfo Checksums-Sha256: 3cb3ae1d562ccd99aff97bb16b78529e1c63d54076e9b6e6bab4a45d9a57e932 116984 libavif-bin-dbgsym_0.11.1-1+deb12u1_i386.deb 40d1c549aa48bf006015ede643af320e916f51f493cc0d3915e5c342204a7dac 60980 libavif-bin_0.11.1-1+deb12u1_i386.deb 15ec9327cc29f6c88188209e380f02561ce36e33a91ff974539849b592b477d1 41860 libavif-dev_0.11.1-1+deb12u1_i386.deb de0afc0716adb549a6d30b7ac7a421cbce9bbadada7753c0917a98a093c61f29 15496 libavif-gdk-pixbuf-dbgsym_0.11.1-1+deb12u1_i386.deb 0047a56d68be3ba6ee43547c976d1613f90ef862d4c9879da01268da6624d25f 28036 libavif-gdk-pixbuf_0.11.1-1+deb12u1_i386.deb 5b8a88ad46e5130837a07f0254a53d208d2d95b883cb48467f11684f03c399a0 203932 libavif15-dbgsym_0.11.1-1+deb12u1_i386.deb 794d8a37e70dad0e8aeb25c1e1cb2881b103947b482b482b3cf577fb5aa94436 101024 libavif15_0.11.1-1+deb12u1_i386.deb aa7902b173b39c35858fab7e6685d01cb6d1ac4595293f9d07b93c2e615fbb93 11602 libavif_0.11.1-1+deb12u1_i386-buildd.buildinfo Files: c0e3306c0358547ef7a2f48dfc957377 116984 debug optional libavif-bin-dbgsym_0.11.1-1+deb12u1_i386.deb f8c55b702b1fb874f05362e125324246 60980 utils optional libavif-bin_0.11.1-1+deb12u1_i386.deb 2af7dabac6c87585abe8711f31e40984 41860 libdevel optional libavif-dev_0.11.1-1+deb12u1_i386.deb 21f4b5f468d0cd99f4ae503a3292cec8 15496 debug optional libavif-gdk-pixbuf-dbgsym_0.11.1-1+deb12u1_i386.deb 63192b5c77c32cb971bf29b3666d75c4 28036 libs optional libavif-gdk-pixbuf_0.11.1-1+deb12u1_i386.deb 8224c2a078ae120c75ea58da435e7c91 203932 debug optional libavif15-dbgsym_0.11.1-1+deb12u1_i386.deb 58e1156f2d1bd714a0569559f7052ca2 101024 libs optional libavif15_0.11.1-1+deb12u1_i386.deb c524fac737c2c36e8c75bdf55be3d7b7 11602 libs optional libavif_0.11.1-1+deb12u1_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmgzQlgACgkQ8IREj/cR iTNgFg//WwnKK/51G1h5CgfxjOg4NlOXMwo/NCTMQxKy123lVXCcukiq8RABUk4j BI2ubX3x6e+8AxoSXKoAHSVA5BIREIAWaeQq3HpVxIx89rsvMhM6pxkrDT52KN3E Y041684Q/AsA+YCtGtnFuF2ooJwWD57v8SStd/BMUiZjW0JtKtxBT/NvXrox1j0q FAHMyv6MKvD36ksqOnhLCU8dKaH7pti3GSD5jhqMpgK8XP44pQ/y722fG++TmncB 88UihmNmJXmPLOyNlAxkcchZUDxqm3xpbdgxJDEm2Arki13CboYTPdHzIXEo3GiR nPiiXTd70FgdT4SNKqcbpxB2pNLWOwU+RO4lkx6kk4HtY9h/s2F+Ojz38K9PmyE/ SJPvuSZsRvNZyVWpnk35f2WAiwLXkuqhlNLHHVsduAGjT5FkR6llCPyuP4eHyz0Y CDfh8KFybaKIKfLTE7j43QFsOEPdDuo+EQHCADa3Lq6bpof/AN8SEm9eMPsDY30a WDaozBN8ctJQioF/8D/mywlReMweupDLm6wgKvfsfikgEIDopazajqQ3chPsZur1 +rmuusrPq/sERkkRgrylckUurYa0w7DCvWbqapflqBETBKU1j0+mf1ZyrKW/kGdD ghk/ZHAqbW6IzolwjOdlzgOT1noDXxFJuqGG4GzFBz1GbTqX5JM= =8LpU -----END PGP SIGNATURE-----