Your message dated Sun, 10 May 2026 16:35:05 +0000
with message-id <[email protected]>
and subject line Bug#1131147: fixed in kissfft 131.1.0-4.1~deb12u1
has caused the Debian Bug report #1131147,
regarding kissfft: CVE-2025-34297
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1131147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kissfft
Version: 131.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/mborgerding/kissfft/issues/120
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for kissfft.

CVE-2025-34297[0]:
| KissFFT versions prior to the fix commit 1b083165 contain an integer
| overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t
| is 32-bit. The nfft parameter is not validated before being used in
| a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can
| wrap to a small value when nfft is large. As a result, malloc()
| allocates an undersized buffer and the subsequent twiddle-factor
| initialization loop writes nfft elements, causing a heap buffer
| overflow. This vulnerability only affects 32-bit architectures.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-34297
    https://www.cve.org/CVERecord?id=CVE-2025-34297
[1] https://github.com/mborgerding/kissfft/issues/120
[2] https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3

Regards,
Salvatore

--- End Message ---
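
The size wrap described in the CVE text above, as an added example that is not part of the bug report or of kissfft's code. It assumes an 8-byte complex element and uses `uint32_t` in place of a 32-bit `size_t` so the arithmetic reproduces on any host; the function names are hypothetical and the checked variant is one possible validation, not the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: one complex sample is two 32-bit floats (8 bytes). */
#define CPX_SIZE 8u

/* The size expression quoted in the advisory, evaluated in 32-bit
 * arithmetic (uint32_t stands in for a 32-bit size_t). */
static uint32_t twiddle_bytes_unchecked(int nfft)
{
    return CPX_SIZE * ((uint32_t)nfft - 1u);
}

/* Checked form (hypothetical helper): reject non-positive nfft and any
 * product that does not fit in 32 bits, instead of returning a wrapped size. */
static bool twiddle_bytes_checked(int nfft, uint32_t *out)
{
    if (nfft <= 0)
        return false;
    uint32_t count = (uint32_t)nfft - 1u;
    if (count > UINT32_MAX / CPX_SIZE)
        return false;
    *out = CPX_SIZE * count;
    return true;
}

int main(void)
{
    /* Constructed sample values: one ordinary size, two that wrap. */
    const int samples[] = { 1024, 0x20000001, 0x20000003 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int nfft = samples[i];
        uint32_t safe = 0;
        bool ok = twiddle_bytes_checked(nfft, &safe);
        /* The initialization loop writes nfft elements regardless of
         * how many bytes the wrapped expression asked malloc() for. */
        printf("nfft=%d requested=%u bytes, loop writes %llu bytes, check: %s\n",
               nfft, twiddle_bytes_unchecked(nfft),
               (unsigned long long)nfft * CPX_SIZE,
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```
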
--- Begin Message ---
Source: kissfft
Source-Version: 131.1.0-4.1~deb12u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
kissfft, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated kissfft package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 May 2026 17:40:20 +0300
Source: kissfft
Architecture: source
Version: 131.1.0-4.1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1131147 1134493
Changes:
 kissfft (131.1.0-4.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
     - Drop the CMake 4 fix.
 .
 kissfft (131.1.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-34297: Integer Overflow on 32-bit Systems
     (Closes: #1131147)
   * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
     (Closes: #1134493)
 .
 kissfft (131.1.0-4) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Vasyl Gello ]
   * Fix lintian warnings
 .
   [ Dylan Aïssi ]
   * Cherry-pick upstream patch to improve compatibility with cmake 4
   * Update debian/salsa-ci.yml
   * Switch Build-Dep from pkg-config to pkgconf
   * Standards-Version: 4.7.2 (routine-update)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
