Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted krita 1:4.4.2+dfsg-1+deb11u1 (source) into oldoldstable-security
Date: Fri, 05 Dec 2025 05:40:28 +0000
Signed by: Daniel Leidert <dleidert@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Dec 2025 04:01:24 +0100
Source: krita
Architecture: source
Version: 1:4.4.2+dfsg-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Changes:
 krita (1:4.4.2+dfsg-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-59820.patch: Add patch to fix CVE-2025-59820.
     - Loading a manipulated TGA file could result in a heap-based buffer
       overflow in KisTgaImport. The control flow proceeds even when a number
       of pixels becomes negative.
Checksums-Sha1:
 dd64d8c4dc19c054141e6cba3efc65cb171005b8 3138 krita_4.4.2+dfsg-1+deb11u1.dsc
 d0beb23046b11c7032d0eb71908c6c9b433cba8f 172519128 krita_4.4.2+dfsg.orig.tar.xz
 0f1c03c468ef0a5f05f042ea62f8714fc9fd2cc5 21232 krita_4.4.2+dfsg-1+deb11u1.debian.tar.xz
 b59bddd2f515b4615712e710f04569d862639f4c 18394 krita_4.4.2+dfsg-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 7b14cad180c875bba2d116613450a9e3dc584d24dc2eccef096f01f687dd50c2 3138 krita_4.4.2+dfsg-1+deb11u1.dsc
 eb9add9e181955bd6a5cee9c57a3cd423ffb8678daecbd60d9a211368f9f90d1 172519128 krita_4.4.2+dfsg.orig.tar.xz
 0c94c7ce348172512b039ec35748f7e0dda7dd5f45ad2bb09c8185d841b9966d 21232 krita_4.4.2+dfsg-1+deb11u1.debian.tar.xz
 1b8979fae4af070a4add54031441cbfd29daabcb4ab9696755dd315ace325ac3 18394 krita_4.4.2+dfsg-1+deb11u1_amd64.buildinfo
Files:
 44bb64f202e7db41616dae603aba91f8 3138 kde optional krita_4.4.2+dfsg-1+deb11u1.dsc
 5d5c744bc1091bc5b9cf689fb8662929 172519128 kde optional krita_4.4.2+dfsg.orig.tar.xz
 0d701f28d00e3d062f3d632a8208ba8e 21232 kde optional krita_4.4.2+dfsg-1+deb11u1.debian.tar.xz
 30fd5cfad8e8298ebf9e665cc9b7691d 18394 kde optional krita_4.4.2+dfsg-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmkybOgACgkQS80FZ8KW
0F1waRAAvJVRK98pKpGvC7HhVU7w1266Ob/z2pXygGD6u7e+Bxyt3IbiscpHDblj
mOx+JHa4z4BEOdC7Wy+Mo0x51rmAlXXFKCwmNZBXZNUVG4V/bfywNw5ioNK/4rbj
Q+A8fEfHRexMIxE6hXdXLedLFfkqMEYhCwr4nBP+DAYvSpApfWBAd+sH4SBXLMJP
80xhfc96ZYWAQAKTINK8IztyTuVz1kVq6Z4QLSKhPLonS0RG22Z2kn6ji/Lwdj2C
4GsjDdaCMYmZY83ZxZMW6Bx0QM7sTCWJEodsy3CtvWeon6i+pzmzFx10S1//Lk3g
MnRHOk0MdG0T8PD1Wh6iTrYBsWuj5HgZbRO5iXjutjn6JwGfQCPnUBk2+FY2aS98
x6gTPKGLZQjzclx5tBL+gIAAc7c4imqnyzgg6G2MOxV+Sl5IQou1bpGekhPIwZ8S
ubPgKwIbo6odLtCwytiJn6ESaUiuDYebPBYxbusQ03FNxZjsGlM4UatCSZMiH8Xg
J3eorshiq6UobUYWjZnhDz+J4ZvHdXalkeleSjIlLcAlYG0op8tTfETWMNd+JvGM
KUO3E4wuFlMavCzWYJl5HGrIwzcpxpvqZHthH+DVLpV6dQ99Drkpfxlp9VEB4D7N
xlzJDkXixVD6H9Ty4cCsqzqSHp8uBpkRlPvMRsbdJoqW19tJelw=
=6PXn
-----END PGP SIGNATURE-----

News for package krita