-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Nov 2025 10:45:05 +0100
Source: cups-filters
Architecture: source
Version: 1.28.17-6+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1120698 1120704
Changes:
 cups-filters (1.28.17-6+deb13u1) trixie; urgency=medium
 .
   * CVE-2025-64503
     fix an out of bounds write vulnerability when processing crafted
     PDF files containing a large 'Mediabox' value.
     (Closes: #1120698)
 .
   * CVE-2025-57812
     fix an out of bounds read/write vulnerability in the processing
     of TIFF image files.
     (Closes: #1120704)
 .
   * CVE-2025-64524
     fix infinite loop with crafted input raster file, that resuls
     into a heap buffer overflow
Checksums-Sha1:
 84f27436b452fb3301e7d621c1c054d11e818987 3060 cups-filters_1.28.17-6+deb13u1.dsc
 8e7ebd3b8301ee7c1fc7f87f1099fe41e7352dfc 90936 cups-filters_1.28.17-6+deb13u1.debian.tar.xz
 bbc81c949fdfa783bc170a4389c862b385aa9eb5 10425 cups-filters_1.28.17-6+deb13u1_source.buildinfo
Checksums-Sha256:
 c1e4c53ba2be5a86a623f59228c47341ffaa49cd171f3241876cd4dab57ee727 3060 cups-filters_1.28.17-6+deb13u1.dsc
 370b1bddc4b0a5393698d19bfb80761648e4ccb6f111e94c00ddd36e423b34b2 90936 cups-filters_1.28.17-6+deb13u1.debian.tar.xz
 1d8b62663352ec193e3b9a1ec99a935f84956d591522764ef55bec9020c111cc 10425 cups-filters_1.28.17-6+deb13u1_source.buildinfo
Files:
 3d71c3261fce42ce1974ed3d12bf2583 3060 net optional cups-filters_1.28.17-6+deb13u1.dsc
 bdd8dc16b8ba6b94786f7b34c1e7906d 90936 net optional cups-filters_1.28.17-6+deb13u1.debian.tar.xz
 08f63c741da1e396ee5b1958c5fef3cd 10425 net optional cups-filters_1.28.17-6+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmkfMxdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR/6pEACvhttgXFhVZPnPFGzbuVQi6CVXAmUH
p+K9ya0cp9z5eAL17mKeFAn1/hTxdjP/HtjLsOvNBWHin2Vg5eesgGe2QuU3RJf+
PF6u1Rh4RbSv5jfFmEtZI4Rjf3NeEIqcvnbeo2CoyrBdEcIOwO9v66D3k5yuorKC
NFu0/3Z6+6Eif6Odk3OrVg3vmzDmZFTWV2zt/E0mgdtQHSePCQaxp4OK/WlinS/K
m1ltYgHxG28ciWNvET/BpCmI/prA940j+Q3gT1n4d/hM0dJIzRoazZ66Q2sHbQaY
1nhENVkLGCrj4iT65MkRovI6Pc1BfpOqCgULASFi06Jiw9FurFnUupPBnBKNaojf
vpesJOiYbLYNva4nDF62oohZin8eho+Jdu6Qbz6GgJsIBuYCPaQKI73VkLTYYAhS
28k28P07OACK1Se7jbTYzsEUAQnCWOIUx1e/anhL0YSnqtCVC6TcoBRy6MolfMU9
Dt9u4z5Yb2mTTXBZttRsxDKlrtRkNmMpYkSvMZ9sN9yBo52rcnWkXYUASOJQiH20
5866dWjvL+BowozzyTl3Ce48T0MmoIGClg9wBFnw6D+nyHt4GDjz4zyOlG27H8wf
QVG5F+cM63y8kQa2/GyRlH+znSFRQAuvk25tDuSo6/AX3npQbqVwUp72ZjxU03no
Fdp4lIYabxDT2Q==
=0bU/
-----END PGP SIGNATURE-----