Format: 1.8
Date: Fri, 17 Oct 2025 20:26:34 -0300
Source: libsmb2
Architecture: source
Version: 6.2+dfsg-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Security Tools
Changed-By: Matheus Polkorny
Changes:
 libsmb2 (6.2+dfsg-2+deb13u1) trixie; urgency=medium
 .
   * Import upstream patches to fix CVE-2025-57632
     - When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly
       calls smb2_add_iovector() to append to a fixed-size iovec array
       without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256)
   * d/p/CVE-2025-57632-pt*.patch: Import upstream patches to fix CVE
   * d/p/CVE-2025-57632-pt2.patch: Backport patch and Update hunks' offsets
   * d/p/CVE-2025-57632-pt3.patch: Backport patch and Update hunks' offsets
   * d/p/CVE-2025-57632-pt4.patch: Backport patch and Change hunk to reflect
     new code indentation
Checksums-Sha1:
 51c67a17d2a46756024bb78259eef13441111c67 2047 libsmb2_6.2+dfsg-2+deb13u1.dsc
 c263c033f6b51ee02d70207520cfbbef1683fa40 18788 libsmb2_6.2+dfsg-2+deb13u1.debian.tar.xz
 760882a81bc4b4234165fdeb632b92a9c449830e 7580 libsmb2_6.2+dfsg-2+deb13u1_amd64.buildinfo
Checksums-Sha256:
 085d055ebed14ece823fe4096471fcf5bfac5a451239f1ef994a4ba96fe0d958 2047 libsmb2_6.2+dfsg-2+deb13u1.dsc
 42961ed9c86c25e20acaac5ffd07130c57a7fa04aa22599f38b38d1b8b7a8b0d 18788 libsmb2_6.2+dfsg-2+deb13u1.debian.tar.xz
 55d5f11dbe1c687a516b22ba3e7d767408a68a3492decde9b8176d4ecdb46690 7580 libsmb2_6.2+dfsg-2+deb13u1_amd64.buildinfo
Files:
 a6be52146020a752f0249b818fe46599 2047 libs optional libsmb2_6.2+dfsg-2+deb13u1.dsc
 33b8af206582d9cee750eb4fd55acb32 18788 libs optional libsmb2_6.2+dfsg-2+deb13u1.debian.tar.xz
 b12d7e97d89e5f1907d7d416578f3fe0 7580 libs optional libsmb2_6.2+dfsg-2+deb13u1_amd64.buildinfo