Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libsmb2 6.2+dfsg-3 (source) into unstable
Date: Fri, 17 Oct 2025 00:19:32 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Sep 2025 13:07:32 -0300
Source: libsmb2
Architecture: source
Version: 6.2+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
Changed-By: Matheus Polkorny <mpolkorny@gmail.com>
Closes: 1116446
Changes:
 libsmb2 (6.2+dfsg-3) unstable; urgency=medium
 .
   * Import upstream patches to fix CVE-2025-57632 (Closes: #1116446)
     - When processing SMB2 chained PDUs (NextCommand), libsmb2
       repeatedly calls smb2_add_iovector() to append to a
       fixed-size iovec array without checking the upper bound
       of v->niov (SMB2_MAX_VECTORS=256)
   * d/control: Mark libsmb2-6 and libsmb2-dev as Multi-Arch: same
   * d/patches:
     - CVE-2025-57632-pt1.patch: New patch
     - CVE-2025-57632-pt2.patch: Backport and Update hunks' offsets
     - CVE-2025-57632-pt3.patch: Backport and Update hunks' offsets
     - CVE-2025-57632-pt4.patch: Backport and Change hunk to
       reflect new code indentation
   * d/watch: Update to version 5
Checksums-Sha1:
 7432d2b04e8dd35a9f9915c83ba6770ba97d2a57 2015 libsmb2_6.2+dfsg-3.dsc
 00d3656ffe89ca406a69da660f7f4abd32fb53b8 278334 libsmb2_6.2+dfsg.orig.tar.gz
 666ce7fa218ae57d67faf37a87c793a22517b818 18840 libsmb2_6.2+dfsg-3.debian.tar.xz
 f6801c63cba085d4961c6815809405bb91ab4be3 7396 libsmb2_6.2+dfsg-3_amd64.buildinfo
Checksums-Sha256:
 99ca5bee2c993244f5b3c2421ef92ace07f73dbabad0c645dbd2bb93437e3659 2015 libsmb2_6.2+dfsg-3.dsc
 5fa97ecb099d0cebcf7ba6b0a5e3f84d89eb66aeed7e71111e6dee22699d031b 278334 libsmb2_6.2+dfsg.orig.tar.gz
 b525624f9429abcfb6449acf21c1b235d7c28d3ab2063f15874afaddcaaab619 18840 libsmb2_6.2+dfsg-3.debian.tar.xz
 66a1c87f20a062c3bbdb8db75960b9cb79db30d232cbc3b40382bb7659158938 7396 libsmb2_6.2+dfsg-3_amd64.buildinfo
Files:
 754746f86dd5b02f1005a0b6c0d87174 2015 libs optional libsmb2_6.2+dfsg-3.dsc
 986b303ec392e2801995421edef0cffc 278334 libs optional libsmb2_6.2+dfsg.orig.tar.gz
 493efdeddee3f45f86e648788bcf8f4f 18840 libs optional libsmb2_6.2+dfsg-3.debian.tar.xz
 51b6d011d91fe231174491aeb9650456 7396 libs optional libsmb2_6.2+dfsg-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmjxh24ACgkQu6n6rcz7
Rwf0lA//b1j2OdWqbSdoj9kf0cYhPkM5D+7LUwezCOu6+1Vb8hR1GjPapqBqXuyn
xYQXhIXXZCsFxTBn9p8UW/2VyU0JhGcH7AqqUo7xLeFARcJwNA3tfFSFwJisx8Tu
98LiOar+OdFtZ7pw1kw7AdY5SGJqxioemR211hf/t5VqNOD53oLsRPASCcXHn1aM
3iJbMBo/kKczbVp8X8EIXPgJYagUyk7g7EQy6mXi6+0z3AAPzQG6AYzw9K+YeJyu
IeziH1bpigUx10EggJt2H28M58qmXaQ6owbqbwbwWqLE9UgTYLRVs+M0FPN0G81G
UaY1sn+xVAhj3rAToBn/XZNr0ncf0CiFPJo9fJQycVH/gNgnpBURj3PP33cI7IVj
UiqSx+kK/6HYMScGz4XMy8Duo+s0nQ4ZI4IeeDyxW3LzS+J4Zqqc8HcTaA5Hxf8m
WtrETajskJrwfobNdFuCjL5Bj3UZmgKEsLqBv4048vkuiLQ8Wk9TnKGl8D5mL8bn
D4i/8DZUhoVQfXSqv6PpO0zB6HD+60uf6ZacXGCwh5jURQBwJOVTWq+qQzoUVRuy
0gTHefF8pX9IOmyeOzNu2CDrKIh5jzKq0xh/8eOKa5b/rXvHwMQEsuM6pgqJOZHI
CRkGFaeNGpp0rfKlyrBb19yuoF8CHuZMn9Le7ggBRdvngaS6rh0=
=FuHo
-----END PGP SIGNATURE-----
News for package libsmb2
