Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted jpeg-xl 0.11.2-0.1 (source) into unstable
Date: Sat, 21 Mar 2026 08:33:35 +0000
Signed by: Adrian Bunk <bunk@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 13:38:01 +0200
Source: jpeg-xl
Architecture: source
Version: 0.11.2-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1114914 1123400 1128067 1128068
Changes:
 jpeg-xl (0.11.2-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-12474: Decoder read from uninitialized (but allocated)
       memory (Closes: #1128068)
     - CVE-2026-1837: Decoder write to uninitialized unallocated memory
       (Closes: #1128067)
   * Disable a failing test. (Closes: #1123400)
   * Increase the test timeout. (Closes: #1114914)
   * Backport a loong64 FTBFS fix.
Checksums-Sha1:
 2ec6464b3fad683caecb67b494cfa94363f3e886 3199 jpeg-xl_0.11.2-0.1.dsc
 2acaf75909eea67cc7d861a9a918733d5f630db8 1882762 jpeg-xl_0.11.2.orig.tar.gz
 15c94f80eb2d5b8511cbd94d54c48b836247f642 22548 jpeg-xl_0.11.2-0.1.debian.tar.xz
Checksums-Sha256:
 24e0f11be1c7f6cf4e03fb4913a2fe4f04ec4970e561d3e2dbbd71e3aa7a28a7 3199 jpeg-xl_0.11.2-0.1.dsc
 ab38928f7f6248e2a98cc184956021acb927b16a0dee71b4d260dc040a4320ea 1882762 jpeg-xl_0.11.2.orig.tar.gz
 f31146cd85fd4a55142c5e5baccc9e0958a41565f06f1dcde2497abf1bbb518a 22548 jpeg-xl_0.11.2-0.1.debian.tar.xz
Files:
 ac7efc4ee3f63559a68a670bb4f7db26 3199 graphics optional jpeg-xl_0.11.2-0.1.dsc
 eda39db6e7a58b73be9124381862b9d1 1882762 graphics optional jpeg-xl_0.11.2.orig.tar.gz
 3008a8ee3e667a63c5b609b77f2f8516 22548 graphics optional jpeg-xl_0.11.2-0.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmm8C4wACgkQiNJCh6LY
mLHNHQ//UMAUzctrGnkksVjz/t1ZUeBrspbpdCK+FCviXwTvrUQaJrXj7RDdFBIk
U32yKSi5XSd7Gx5Bg7RzzHgptsEmyn3mcKmcEKwEB/edbRND2ahxIf3uS957Ss3p
l0PH60CVGdfqogmuRGMjWVB4w3B9yVJO/Oysk/1Mz8NQwibZrs1auQsnhwoXuguU
ESu/qMh+io8O7GBIxTlO8HqF8sFkXuGvwyd0RnuIwmHA4KVT6pRMU4GktRhXFGdI
uI/jLpdKWWkKDMfZFbgTQPGlNI2cSIz2dnf/A1vNrGST1i1qHh5C1asFr/FXByK1
cvEIz9gK5Mfdb638DoH2hlxJPqPyrMkphBklwJFaN1dsqX51IzaOh2GxBJfSe1L/
VepU1zLUZQ7oFiMTIl3p1qfb3Ja/X5UtxzWfGuYLyKn7u7gpJOUQaJwsMGwtXCEk
fjchupyUD91N1A/89A9BQpKlgOYKSXwEItiKCOBqb2RDuSxLJ9PyUVawV5UMMuG8
ctDujWyu/AL3j+uTMtutMzLF/hvY5v3PT7diu78HuGTgVDPUol0VV14he9lS6XRk
3qiR4m2MD1hneXHdZ4F320NGJB/dg9Xby7g5Ltf67dBh8+LfPe+XI/9dapQrPz6+
2gVjJkUbSF0PJt4CPkXqjvGGh1VSCjDKsnSeTCxbbGJpdzzyQbU=
=KhjL
-----END PGP SIGNATURE-----

News for package jpeg-xl