-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 Feb 2026 16:06:08 -0500 Source: localsearch Built-For-Profiles: noudeb Architecture: source Version: 3.8.2-12 Distribution: unstable Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Jeremy Bícha <jbicha@ubuntu.com> Closes: 1126910 Changes: localsearch (3.8.2-12) unstable; urgency=high . [ Marc Deslauriers ] * SECURITY UPDATE: Heap Buffer Overflow - debian/patches/CVE-2026-1764.patch: check for valid offsets extracting MP3 performer tags in src/tracker-extract/tracker-extract-mp3.c. - CVE-2026-1764 * SECURITY UPDATE: NULL Pointer Dereference - debian/patches/bug426.patch: bail out on 0-size frame for ID3v2.0 tags in src/tracker-extract/tracker-extract-mp3.c. - No CVE number * SECURITY UPDATE: Heap Buffer Overflow - debian/patches/CVE-2026-1765.patch: check for buffer boundaries extracting MP3 TXXX tags in src/tracker-extract/tracker-extract-mp3.c. - CVE-2026-1765 * SECURITY UPDATE: Heap Buffer Overflow - debian/patches/CVE-2026-1766-pre1.patch: minor code refactor in src/tracker-extract/tracker-extract-mp3.c. - debian/patches/CVE-2026-1766.patch: refactor/fix handling of COMM tags in src/tracker-extract/tracker-extract-mp3.c. - CVE-2026-1766 * SECURITY UPDATE: Heap Buffer Overflow - debian/patches/CVE-2026-1767.patch: fix accounting of offsets within MP3 performer tags in src/tracker-extract/tracker-extract-mp3.c. - CVE-2026-1767 - Closes: #1126910 Checksums-Sha1: 2d46ac9bcbdd188e4f8d811e68d2c1b70baca98e 3264 localsearch_3.8.2-12.dsc 9a679a354eb03379c7469bffddd8f27a9f5d1650 19612 localsearch_3.8.2-12.debian.tar.xz 3b45e086f5db68f0a4d634cb4e5f0f999e414bdc 15267 localsearch_3.8.2-12_source.buildinfo Checksums-Sha256: 9ba20f69679b7e8179b3aadfc276956b2569f485e6a93c92b3986411cc34d54b 3264 localsearch_3.8.2-12.dsc 6a6777c0e95e3b974d667bdab5a303758a2cdf5722644f1846ea4a4e0359a05d 19612 localsearch_3.8.2-12.debian.tar.xz 53aa976156f6a32a4274a16173a4039659d1c20b52c43eb5b21f2f02ce2e856a 15267 localsearch_3.8.2-12_source.buildinfo Files: 2e0ee1c25a47354c159b90c0126dfefe 3264 utils optional localsearch_3.8.2-12.dsc a994fdb0b385303a375e5de8f352fbc4 19612 utils optional localsearch_3.8.2-12.debian.tar.xz fe61b336a7a7d5715cebde443d7a3ee3 15267 utils optional localsearch_3.8.2-12_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmmFB7EACgkQ5mx3Wuv+ bH1ZXg//XPBOqYt7wGvhilOtVe9m0wda/t4PLpyCqXMGJaDfj+5KmswlhUQgOh21 I9FLbJ9Iz/ouFXBmlZf9NDJMbENtwBNBlWU7BpQNQ5yjXSZCfoNTVFgooymq+ZyR WMf9AA7J2kJyGRjjqYSglgL9b1U7vv907iX4YY1m5fkkJds3e9qWdw9z90jVEVDL IKYbv1cFwXAs/h+h6iKw+IJ7Y5xQU6y5b4tf+1MbTNGK8TasBXxMppYF21HgAfDi 9cemwz0YdvGVflY0vz9AOH5A4B4/EGf0cUVAJkiXDLSBqgSO1VPEKrzj1Sa9xFAb X/Gs/nNUsATovhlW3LtWiVCaqsziBbqPLG8q62irNZHx6Y68wFXKix7oiQOwPawK XSsUoNFtLA1n5oT7AZLO5zuvnukUN3ka8h9M0d2uSz5pm5tjrKaWeje+l5QFG9hG DASk2yRVxlZWU4JFWQlgoZO6gXLAiXMpSfYe64X1WhRiVdtZgvVDIqMQvnX2WIXs LjES41Q2vrHvBVLH0I62JdfEDsa2HU29i+EpePtPCTmC2hfusfXMmmj7RFbK6Xl/ bDTs7g3copJeWL9rhlVDLRDIMkundX7wE0etXmSCj1IXnTMEubO51QBGGiHyHDKc R9G6NJs+0bd1FxdfoQRhMWCnDda82rWbS5ohdXccM1nA8Z3oV38= =+elt -----END PGP SIGNATURE-----
