Control: tags 1105883 + patch
Control: tags 1105883 + pending
Control: tags 1105885 + patch
Control: tags 1105885 + pending


Dear maintainer,

I've prepared an NMU for libavif (versioned as 1.2.1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should cancel it.

Regards,
Salvatore

diffstat for libavif-1.2.1 libavif-1.2.1

changelog | 12 ++
patches/Add-integer-overflow-check-to-makeRoom.patch | 33 ++++++++
patches/Add-integer-overflow-checks-to-makeRoom.patch | 29 +++++++
patches/Declare-RowBytes-as-size_t-in-avifImageRGBToYUV.patch | 41 ++++++++++
patches/Fix-format-errors.patch | 29 +++++++
patches/series | 4
6 files changed, 148 insertions(+)

diff -Nru libavif-1.2.1/debian/changelog libavif-1.2.1/debian/changelog
--- libavif-1.2.1/debian/changelog 2025-03-20 19:03:55.000000000 +0100
+++ libavif-1.2.1/debian/changelog 2025-05-17 16:03:36.000000000 +0200
@@ -1,3 +1,15 @@
+libavif (1.2.1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add integer overflow checks to makeRoom (CVE-2025-48174) (Closes:
+ #1105885)
+ * Add integer overflow check to makeRoom (CVE-2025-48174) (Closes: #1105885) + * Fix format errors (CVE-2025-48174) (Closes: #1105885)
+ * Declare *RowBytes as size_t in avifImageRGBToYUV() (CVE-2025-48175)
+ (Closes: #1105883)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 17 May 2025 16:03:36 +0200 +
libavif (1.2.1-1) unstable; urgency=medium

* New upstream release.
diff -Nru libavif-1.2.1/debian/patches/Add-integer-overflow-check-to-makeRoom.patch libavif-1.2.1/debian/patches/Add-integer-overflow-check-to-makeRoom.patch
--- libavif-1.2.1/debian/patches/Add-integer-overflow-check-to-makeRoom.patch 1970-01-01 01:00:00.000000000 +0100
+++ libavif-1.2.1/de