Your message dated Fri, 05 Jun 2026 08:10:23 +0000
with message-id <[email protected]>
and subject line Bug#1129566: fixed in openbabel 3.2.0+dfsg-1~exp
has caused the Debian Bug report #1129566,
regarding openbabel: CVE-2026-2704 CVE-2026-2705 CVE-2026-3408
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1129566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129566
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openbabel
Version: 3.1.1+dfsg-12
Severity: important
Tags: security upstream
Forwarded: https://github.com/openbabel/openbabel/issues/2848
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for openbabel.
CVE-2026-2704[0]:
| A security vulnerability has been detected in Open Babel up to
| 3.1.1. The affected element is the function
| OpenBabel::transform3d::DescribeAsString of the file
| src/math/transform3d.cpp of the component CIF File Handler. The
| manipulation leads to out-of-bounds read. It is possible to initiate
| the attack remotely. The exploit has been disclosed publicly and may
| be used. The identifier of the patch is
| e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is suggested to install
| a patch to address this issue. The project was informed of the
| problem early through an issue report but has not responded yet.
CVE-2026-2705[1]:
| A vulnerability was detected in Open Babel up to 3.1.1. The impacted
| element is the function OBAtom::SetFormalCharge in the library
| include/openbabel/atom.h of the component MOL2 File Handler. The
| manipulation results in out-of-bounds read. It is possible to launch
| the attack remotely. The exploit is now public and may be used. The
| patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A
| patch should be applied to remediate this issue. The project was
| informed of the problem early through an issue report but has not
| responded yet.
CVE-2026-3408[2]:
| A vulnerability was identified in Open Babel up to 3.1.1. This
| impacts the function OBAtom::GetExplicitValence of the file
| isrc/atom.cpp of the component CDXML File Handler. Such manipulation
| leads to null pointer dereference. The attack can be launched
| remotely. The exploit is publicly available and might be used. The
| name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is
| best practice to apply a patch to resolve this issue.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-2704
https://www.cve.org/CVERecord?id=CVE-2026-2704
[1] https://security-tracker.debian.org/tracker/CVE-2026-2705
https://www.cve.org/CVERecord?id=CVE-2026-2705
[2] https://security-tracker.debian.org/tracker/CVE-2026-3408
https://www.cve.org/CVERecord?id=CVE-2026-3408
[3] https://github.com/openbabel/openbabel/issues/2848
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openbabel
Source-Version: 3.2.0+dfsg-1~exp
Done: Andrius Merkys <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openbabel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrius Merkys <[email protected]> (supplier of updated openbabel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 May 2026 03:58:19 -0400
Source: openbabel
Binary: libchemistry-openbabel-perl libchemistry-openbabel-perl-dbgsym
libopenbabel-dev libopenbabel-doc libopenbabel8 libopenbabel8-dbgsym openbabel
openbabel-dbgsym openbabel-gui openbabel-gui-dbgsym python3-openbabel
python3-openbabel-dbgsym
Architecture: source amd64 all
Version: 3.2.0+dfsg-1~exp
Distribution: experimental
Urgency: medium
Maintainer: Debichem Team <[email protected]>
Changed-By: Andrius Merkys <[email protected]>
Description:
libchemistry-openbabel-perl - Chemical toolbox library (perl bindings)
libopenbabel-dev - Chemical toolbox library (development files)
libopenbabel-doc - Chemical toolbox library (documentation)
libopenbabel8 - Chemical toolbox library
openbabel - Chemical toolbox utilities (cli)
openbabel-gui - Chemical toolbox utilities (graphical user interface)
python3-openbabel - Chemical toolbox library (Python bindings)
Closes: 1059277 1116462 1129566
Changes:
openbabel (3.2.0+dfsg-1~exp) experimental; urgency=medium
.
* New upstream release (Closes: #1059277, #1116462, #1129566)
[CVE-2022-37331, CVE-2022-41793, CVE-2022-42885, CVE-2022-43467,
CVE-2022-43607, CVE-2022-44451, CVE-2022-46280, CVE-2022-46289,
CVE-2022-46290, CVE-2022-46291, CVE-2022-46292, CVE-2022-46293,
CVE-2022-46294, CVE-2022-46295, CVE-2025-10994, CVE-2025-10995,
CVE-2025-10996, CVE-2025-10997, CVE-2025-10998, CVE-2025-10999,
CVE-2025-11000, CVE-2026-2704, CVE-2026-2705, CVE-2026-3408]
Checksums-Sha1:
785e1313afe8fc84698ac8549a88427656bf9c2c 2830 openbabel_3.2.0+dfsg-1~exp.dsc
4166a731502954fcd2a5e64508f066921c162a88 20938620
openbabel_3.2.0+dfsg.orig.tar.xz
8b5437984e41da6cf5779a3ff36157b1d04dac4c 19120
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
4f4d48aaa0ea86347411aca673b389f2df751dba 5239312
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
4f54e539b5a46bb496f83d8d1b72327fca9df2de 707632
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
2489aa891fd9a0fb4283400b5c340f4633674153 180500
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
7bfae7123d407a2a8340861789fbd000edbfdd68 6398612
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
35f80aef9d20cbb026eaf70433662c08c662dd39 47153852
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
d28c44678316cbef2265f3bcc8f2ed592ec5b43c 3494444
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
800a9202fe222c6a91ff043b3b19c50412b7858c 1001168
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
13ee06f95214407d8f2fdd29e7fa23e9e28ed6b0 904072
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
88543af7d2e0fdbb9de23f40e442099c787f3577 84184
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
704ee6668b360f72959617fc6007d47f0abf4500 26511
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
ca88c7e05fd40be6a049204d07fcf7f307e7dc7f 128088
openbabel_3.2.0+dfsg-1~exp_amd64.deb
2edc0582f5072c0cc85526218b6dc6b55716fc9f 5483800
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
d8c01bf5fb8ab07a01ba65084dd1455d86482906 652272
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
Checksums-Sha256:
a8ed225b940cb4f1fc6949d3b82b19cea193e99169a396dbf2362d4e84cc9faa 2830
openbabel_3.2.0+dfsg-1~exp.dsc
6e26bfdcf081f61f3198434e52ee90d6963dc7750b15bc2eb3be863a54e13d8f 20938620
openbabel_3.2.0+dfsg.orig.tar.xz
a05ceb6efb62e37c5f81fc91611e7d0946ccc0222b79616b93cedcbce1745a79 19120
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
9d29725096de93801c78b981ccf7db8ef91ce80ca5fde45c62792fda386f5980 5239312
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
87239e1f8380bf41bd92804f01943b68238f6951443674679b4caa8bceb46fbe 707632
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
c7781f6f49b0347964abcf717c24523587138c2fddf51534daf78d531d301229 180500
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
e7609bedded164e8634140e791da8c45179d4139474f3d5c5cd701fe95078ca6 6398612
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
bd90bf15bb5b906e7b8ef9993b86ec19d688a20ffbe051b211df3c12372d3e12 47153852
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
68dc4fbfe689ed83a7cb9136d984f63a738183a600217f38ff10f146720bd65b 3494444
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
41df517a24fe80e65363dbe6d8c3d93b9b482b2408637ac502e8e6f035f480d6 1001168
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
3e2318cbfc28ada5a2e826848691c7dad4435d84c2ec4cf63c3086627baa4f16 904072
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
2d8042ad46278be99b2d5a8a7ecb9a4d7968ae8de948c4492299a5080c90b82a 84184
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
4fdd89c5828d5aff4c61f6daa0aac1aa75524a9009198190b3fe57623ffd468a 26511
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
24c7de2bd37d97af8b31d7b7239b366254ce9338c2ce528b2a3597f6a9b29ada 128088
openbabel_3.2.0+dfsg-1~exp_amd64.deb
e7d28cacb2b949c8383ccaae531df1cf406dc16cd29df51a372d138b84473f0c 5483800
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
27e984b61fcd2165926a44911a78fbde63e54060eefa40ecbebe9559616bf08c 652272
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
Files:
8d93d8f8f677b65b5f93ebe5d2832561 2830 science optional
openbabel_3.2.0+dfsg-1~exp.dsc
26ff3ac145600a1db24ce7d6a858b4bd 20938620 science optional
openbabel_3.2.0+dfsg.orig.tar.xz
01200c0815f86f0e37f20647a32d3c60 19120 science optional
openbabel_3.2.0+dfsg-1~exp.debian.tar.xz
4b7d3bc4c5f0acefb1808bc96212c5e2 5239312 debug optional
libchemistry-openbabel-perl-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
add99a5bb333196520f96055e40f3c9a 707632 perl optional
libchemistry-openbabel-perl_3.2.0+dfsg-1~exp_amd64.deb
eabe58652c2825169f91a409a4b311f7 180500 libdevel optional
libopenbabel-dev_3.2.0+dfsg-1~exp_amd64.deb
ec808997f13e563d95df2b6aac051679 6398612 doc optional
libopenbabel-doc_3.2.0+dfsg-1~exp_all.deb
1040158ae3a79af3b2e650cce28af5cb 47153852 debug optional
libopenbabel8-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
7bd4463a15dbb637c4c782075424c3a9 3494444 libs optional
libopenbabel8_3.2.0+dfsg-1~exp_amd64.deb
2827b12bec77c47b08494faa07cadd4f 1001168 debug optional
openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
1c5a22deb449bd3c1988520adc446405 904072 debug optional
openbabel-gui-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
60028958a8fa5e32b75437170f4d37d0 84184 science optional
openbabel-gui_3.2.0+dfsg-1~exp_amd64.deb
0a8bd02b5d62abf2f1fa1cbe612063f3 26511 science optional
openbabel_3.2.0+dfsg-1~exp_amd64.buildinfo
454a3b79ec7e8c78bac98f08c50dd3d3 128088 science optional
openbabel_3.2.0+dfsg-1~exp_amd64.deb
bbe9c3aa8e20491a93429d55cb331008 5483800 debug optional
python3-openbabel-dbgsym_3.2.0+dfsg-1~exp_amd64.deb
ffdad55f0489f44fec2bb1ccdcb78dbb 652272 python optional
python3-openbabel_3.2.0+dfsg-1~exp_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEdyKS9veshfrgQdQe5fQ/nCc08ocFAmohPVESHG1lcmt5c0Bk
ZWJpYW4ub3JnAAoJEOX0P5wnNPKHiRwQAJG8kvbdAO0ga1xJqEWHqqlg31q541A1
lZjIWqliMuavGtE49Q82VUrrrt5traaD+KoROoUXh0reuq0LhpyYXSw8rClLJyPU
rIebIUtlN8DNRvZ/89OQsuSFj+ArnWssTpog3R2Ln8owqCXHnGCx193CNwny0VRt
2iXwu+y6k6zuAt4QYiBcbdGWWgePDSZyylIOoR/e8/fFkMKgKEQ0CNKVVOGosSUD
zge+ZeBt/IABkfYeiRvIel0TPCu4MEADURBzEI/8cpTPfrgG0F7MMLllhAOiPGXT
3H8HfTi3WToJ3yx14MxAhmasV5QJ3JCG+m0gPVfszPbCgq+RVCgQA9Z7VHliKGSH
RF5M3fcRU0FZiyGTC83aVn+mpynVkV69flLNdZ2PftUwyJGCEu9/z5C3KbI/RM4C
Y81sYl3BYSL8EVA8hl5uvMmz3kSxPHHYa+et4WgoSGjGfgPlyk70oo8rJqGl8V8x
l38x9ASVOFs/SEucfJF659RpSZB3rHfyjxVECSkFyfJQMiFk2mRyXmQPDXduvqJN
qEDUCc/ZgqTK/JepDm2cjwfYTy1u5/ajtUHg0zAXjwrfFWyJiDRyLrPo2OUvo0Vi
7eDXFNNyKNcFdww+e1aWrGdQfWf7imJJGeFcANw6wiM3/lHRB294fC1DXYUhF7/H
qLsf37NYfDv5
=eQaP
-----END PGP SIGNATURE-----
pgp4TaHGMomHT.pgp
Description: PGP signature
--- End Message ---
