Your message dated Fri, 05 Jun 2026 08:10:23 +0000
with message-id <[email protected]>
and subject line Bug#1116462: fixed in openbabel 3.2.0+dfsg-1~exp
has caused the Debian Bug report #1116462,
regarding openbabel: CVE-2025-10994 CVE-2025-10995 CVE-2025-10996
CVE-2025-10997 CVE-2025-10998 CVE-2025-10999 CVE-2025-11000
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1116462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116462
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openbabel
Version: 3.1.1+dfsg-12
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.1.1+dfsg-9
Hi,
The following vulnerabilities were published for openbabel.
CVE-2025-10994[0]:
| A weakness has been identified in Open Babel up to 3.1.1. This
| affects the function GAMESSOutputFormat::ReadMolecule of the file
| gamessformat.cpp. This manipulation causes use after free. It is
| possible to launch the attack on the local host. The exploit has
| been made available to the public and could be exploited.
CVE-2025-10995[1]:
| A security vulnerability has been detected in Open Babel up to
| 3.1.1. This vulnerability affects the function
| zlib_stream::basic_unzip_streambuf::underflow in the library
| /src/zipstreamimpl.h. Such manipulation leads to memory corruption.
| Local access is required to approach this attack. The exploit has
| been disclosed publicly and may be used.
CVE-2025-10996[2]:
| A vulnerability was detected in Open Babel up to 3.1.1. This issue
| affects the function OBSmilesParser::ParseSmiles of the file
| /src/formats/smilesformat.cpp. Performing manipulation results in
| heap-based buffer overflow. The attack needs to be approached
| locally. The exploit is now public and may be used.
CVE-2025-10997[3]:
| A flaw has been found in Open Babel up to 3.1.1. Impacted is the
| function ChemKinFormat::CheckSpecies of the file
| /src/formats/chemkinformat.cpp. Executing manipulation can lead to
| heap-based buffer overflow. The attack can only be executed locally.
| The exploit has been published and may be used.
CVE-2025-10998[4]:
| A vulnerability has been found in Open Babel up to 3.1.1. The
| affected element is the function
| ChemKinFormat::ReadReactionQualifierLines of the file
| /src/formats/chemkinformat.cpp. The manipulation leads to null
| pointer dereference. The attack can only be performed from a local
| environment. The exploit has been disclosed to the public and may be
| used.
CVE-2025-10999[5]:
| A vulnerability was found in Open Babel up to 3.1.1. The impacted
| element is the function CacaoFormat::SetHilderbrandt of the file
| /src/formats/cacaoformat.cpp. The manipulation results in null
| pointer dereference. The attack is only possible with local access.
| The exploit has been made public and could be used.
CVE-2025-11000[6]:
| A vulnerability was determined in Open Babel up to 3.1.1. This
| affects the function PQSFormat::ReadMolecule of the file
| /src/formats/PQSformat.cpp. This manipulation causes null pointer
| dereference. The attack is restricted to local execution. The
| exploit has been publicly disclosed and may be utilized.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10994
https://www.cve.org/CVERecord?id=CVE-2025-10994
[1] https://security-tracker.debian.org/tracker/CVE-2025-10995
https://www.cve.org/CVERecord?id=CVE-2025-10995
[2] https://security-tracker.debian.org/tracker/CVE-2025-10996
https://www.cve.org/CVERecord?id=CVE-2025-10996
[3] https://security-tracker.debian.org/tracker/CVE-2025-10997
https://www.cve.org/CVERecord?id=CVE-2025-10997
[4] https://security-tracker.debian.org/tracker/CVE-2025-10998
https://www.cve.org/CVERecord?id=CVE-2025-10998
[5] https://security-tracker.debian.org/tracker/CVE-2025-10999
https://www.cve.org/CVERecord?id=CVE-2025-10999
[6] https://security-tracker.debian.org/tracker/CVE-2025-11000
https://www.cve.org/CVERecord?id=CVE-2025-11000
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openbabel
Source-Version: 3.2.0+dfsg-1~exp
Done: Andrius Merkys <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openbabel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrius Merkys <[email protected]> (supplier of updated openbabel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 May 2026 03:58:19 -0400
Source: openbabel
Binary: libchemistry-openbabel-perl libchemistry-openbabel-perl-dbgsym
libopenbabel-dev libopenbabel-doc libopenbabel8 libopenbabel8-dbgsym openbabel
openbabel-dbgsym openbabel-gui openbabel-gui-dbgsym python3-openbabel
python3-openbabel-dbgsym
Architecture: source amd64 all
Version: 3.2.0+dfsg-1~exp
Distribution: experimental
Urgency: medium
Maintainer: Debichem Team <[email protected]>
Changed-By: Andrius Merkys <[email protected]>
Description:
libchemistry-openbabel-perl - Chemical toolbox library (perl bindings)
libopenbabel-dev - Chemical toolbox library (development files)
libopenbabel-doc - Chemical toolbox library (documentation)
libopenbabel8 - Chemical toolbox library
openbabel - Chemical toolbox utilities (cli)
openbabel-gui - Chemical toolbox utilities (graphical user interface)
python3-openbabel - Chemical toolbox library (Python bindings)
Closes: 1059277 1116462 1129566
Changes:
openbabel (3.2.0+dfsg-1~exp) experimental; urgency=medium
.
* New upstream release (Closes: #1059277, #1116462, #1129566)
[CVE-2022-37331, CVE-2022-41793, CVE-2022-42885, CVE-2022-43467,
CVE-2022-43607, CVE-2022-44451, CVE-2022-46280, CVE-2022-46289,
CVE-2022-46290, CVE-2022-46291, CVE-2022-46292, CVE-2022-46293,
CVE-2022-46294, CVE-2022-46295, CVE-2025-10994, CVE-2025-10995,
CVE-2025-10996, CVE-2025-10997, CVE-2025-10998, CVE-2025-10999,
CVE-2025-11000, CVE-2026-2704, CVE-2026-2705, CVE-2026-3408]
Checksums-Sha1:
785e1313afe8fc84698ac8549a88427656bf9c2c 2830 openbabel_3.2.0+dfsg-1~exp.dsc
4166a731502954fcd2a5e64508f066921c162a88 20938620
openbabel_3.2.0+dfsg.orig.tar.xz
8b5437984e41da6cf5779a3ff36157b1d04dac4c 19120
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
4f4d48aaa0ea86347411aca673b389f2df751dba 5239312
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
4f54e539b5a46bb496f83d8d1b72327fca9df2de 707632
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
2489aa891fd9a0fb4283400b5c340f4633674153 180500
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
7bfae7123d407a2a8340861789fbd000edbfdd68 6398612
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
35f80aef9d20cbb026eaf70433662c08c662dd39 47153852
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
d28c44678316cbef2265f3bcc8f2ed592ec5b43c 3494444
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
800a9202fe222c6a91ff043b3b19c50412b7858c 1001168
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
13ee06f95214407d8f2fdd29e7fa23e9e28ed6b0 904072
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
88543af7d2e0fdbb9de23f40e442099c787f3577 84184
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
704ee6668b360f72959617fc6007d47f0abf4500 26511
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
ca88c7e05fd40be6a049204d07fcf7f307e7dc7f 128088
openbabel_3.2.0+dfsg-1~exp_amd64.deb
2edc0582f5072c0cc85526218b6dc6b55716fc9f 5483800
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
d8c01bf5fb8ab07a01ba65084dd1455d86482906 652272
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
Checksums-Sha256:
a8ed225b940cb4f1fc6949d3b82b19cea193e99169a396dbf2362d4e84cc9faa 2830
openbabel_3.2.0+dfsg-1~exp.dsc
6e26bfdcf081f61f3198434e52ee90d6963dc7750b15bc2eb3be863a54e13d8f 20938620
openbabel_3.2.0+dfsg.orig.tar.xz
a05ceb6efb62e37c5f81fc91611e7d0946ccc0222b79616b93cedcbce1745a79 19120
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
9d29725096de93801c78b981ccf7db8ef91ce80ca5fde45c62792fda386f5980 5239312
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
87239e1f8380bf41bd92804f01943b68238f6951443674679b4caa8bceb46fbe 707632
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
c7781f6f49b0347964abcf717c24523587138c2fddf51534daf78d531d301229 180500
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
e7609bedded164e8634140e791da8c45179d4139474f3d5c5cd701fe95078ca6 6398612
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
bd90bf15bb5b906e7b8ef9993b86ec19d688a20ffbe051b211df3c12372d3e12 47153852
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
68dc4fbfe689ed83a7cb9136d984f63a738183a600217f38ff10f146720bd65b 3494444
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
41df517a24fe80e65363dbe6d8c3d93b9b482b2408637ac502e8e6f035f480d6 1001168
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
3e2318cbfc28ada5a2e826848691c7dad4435d84c2ec4cf63c3086627baa4f16 904072
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
2d8042ad46278be99b2d5a8a7ecb9a4d7968ae8de948c4492299a5080c90b82a 84184
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
4fdd89c5828d5aff4c61f6daa0aac1aa75524a9009198190b3fe57623ffd468a 26511
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
24c7de2bd37d97af8b31d7b7239b366254ce9338c2ce528b2a3597f6a9b29ada 128088
openbabel_3.2.0+dfsg-1~exp_amd64.deb
e7d28cacb2b949c8383ccaae531df1cf406dc16cd29df51a372d138b84473f0c 5483800
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
27e984b61fcd2165926a44911a78fbde63e54060eefa40ecbebe9559616bf08c 652272
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
Files:
8d93d8f8f677b65b5f93ebe5d2832561 2830 science optional
openbabel_3.2.0+dfsg-1~exp.dsc
26ff3ac145600a1db24ce7d6a858b4bd 20938620 science optional
openbabel_3.2.0+dfsg.orig.tar.xz
01200c0815f86f0e37f20647a32d3c60 19120 science optional
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
4b7d3bc4c5f0acefb1808bc96212c5e2 5239312 debug optional
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
add99a5bb333196520f96055e40f3c9a 707632 perl optional
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
eabe58652c2825169f91a409a4b311f7 180500 libdevel optional
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
ec808997f13e563d95df2b6aac051679 6398612 doc optional
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
1040158ae3a79af3b2e650cce28af5cb 47153852 debug optional
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
7bd4463a15dbb637c4c782075424c3a9 3494444 libs optional
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
2827b12bec77c47b08494faa07cadd4f 1001168 debug optional
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
1c5a22deb449bd3c1988520adc446405 904072 debug optional
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
60028958a8fa5e32b75437170f4d37d0 84184 science optional
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
0a8bd02b5d62abf2f1fa1cbe612063f3 26511 science optional
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
454a3b79ec7e8c78bac98f08c50dd3d3 128088 science optional
openbabel_3.2.0+dfsg-1~exp_amd64.deb
bbe9c3aa8e20491a93429d55cb331008 5483800 debug optional
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
ffdad55f0489f44fec2bb1ccdcb78dbb 652272 python optional
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEdyKS9veshfrgQdQe5fQ/nCc08ocFAmohPVESHG1lcmt5c0Bk
ZWJpYW4ub3JnAAoJEOX0P5wnNPKHiRwQAJG8kvbdAO0ga1xJqEWHqqlg31q541A1
lZjIWqliMuavGtE49Q82VUrrrt5traaD+KoROoUXh0reuq0LhpyYXSw8rClLJyPU
rIebIUtlN8DNRvZ/89OQsuSFj+ArnWssTpog3R2Ln8owqCXHnGCx193CNwny0VRt
2iXwu+y6k6zuAt4QYiBcbdGWWgePDSZyylIOoR/e8/fFkMKgKEQ0CNKVVOGosSUD
zge+ZeBt/IABkfYeiRvIel0TPCu4MEADURBzEI/8cpTPfrgG0F7MMLllhAOiPGXT
3H8HfTi3WToJ3yx14MxAhmasV5QJ3JCG+m0gPVfszPbCgq+RVCgQA9Z7VHliKGSH
RF5M3fcRU0FZiyGTC83aVn+mpynVkV69flLNdZ2PftUwyJGCEu9/z5C3KbI/RM4C
Y81sYl3BYSL8EVA8hl5uvMmz3kSxPHHYa+et4WgoSGjGfgPlyk70oo8rJqGl8V8x
l38x9ASVOFs/SEucfJF659RpSZB3rHfyjxVECSkFyfJQMiFk2mRyXmQPDXduvqJN
qEDUCc/ZgqTK/JepDm2cjwfYTy1u5/ajtUHg0zAXjwrfFWyJiDRyLrPo2OUvo0Vi
7eDXFNNyKNcFdww+e1aWrGdQfWf7imJJGeFcANw6wiM3/lHRB294fC1DXYUhF7/H
qLsf37NYfDv5
=eQaP
-----END PGP SIGNATURE-----
pgpVnWlAbJ9OK.pgp
Description: PGP signature
--- End Message ---
