Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:skanpage
User: [email protected]
Usertags: pu

Fixes a minor security issue in Skanpage. Tested on a Plasma trixie desktop.
Debdiff below.

Cheers,
        Moritz

diff -Nru skanpage-25.04.2/debian/changelog skanpage-25.04.2/debian/changelog
--- skanpage-25.04.2/debian/changelog   2025-06-09 23:25:06.000000000 +0200
+++ skanpage-25.04.2/debian/changelog   2026-06-08 23:01:32.000000000 +0200
@@ -1,3 +1,9 @@
+skanpage (25.04.2-1+deb13u1) trixie; urgency=medium
+
+  * CVE-2025-55174 (Closes: #1121443)
+
+ -- Moritz Mühlenhoff <[email protected]>  Mon, 08 Jun 2026 23:01:32 +0200
+
 skanpage (25.04.2-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
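
Review bot: the new 25.04.2-1+deb13u1 changelog entry names only the CVE id and the bug it closes; it does not say what was changed or which file under debian/patches carries the fix. Consider wording such as "Add CVE-2025-55174.patch: truncate existing files when overwriting", so the change can be read from the changelog alone.
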
diff -Nru skanpage-25.04.2/debian/patches/CVE-2025-55174.patch 
skanpage-25.04.2/debian/patches/CVE-2025-55174.patch
--- skanpage-25.04.2/debian/patches/CVE-2025-55174.patch        1970-01-01 
01:00:00.000000000 +0100
+++ skanpage-25.04.2/debian/patches/CVE-2025-55174.patch        2026-06-08 
23:01:28.000000000 +0200
@@ -0,0 +1,16 @@
+From 19308900da27b46739f2360426b91479e7179a2f Mon Sep 17 00:00:00 2001
+From: Jeff Robertson <[email protected]>
+Date: Sat, 19 Jul 2025 11:35:29 -0400
+Subject: [PATCH] Truncate existing files when overwriting
+
+--- skanpage-25.04.2.orig/src/DocumentSaver.cpp
++++ skanpage-25.04.2/src/DocumentSaver.cpp
+@@ -79,7 +79,7 @@ void DocumentSaver::savePDF(const QUrl &
+ {
+     const QString localName = getLocalNameForFile(fileUrl);
+     QFile file(localName);
+-    bool ok = file.open(QIODevice::ReadWrite);
++    bool ok = file.open(QIODevice::WriteOnly);
+     if (!ok) {
+         Q_EMIT showUserMessage(SkanpageUtils::ErrorMessage, i18nc("%1 is the 
error message", "An error ocurred while saving: %1.", file.errorString()));
+         return;
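
Review bot: in DocumentSaver::savePDF the truncation promised by the subject line is only implicit in the new open mode, since QFile truncates on QIODevice::WriteOnly when no other flag is combined with it. Consider spelling it out as "QIODevice::WriteOnly | QIODevice::Truncate", or adding a comment at the file.open() call, so that a later change of the flags does not silently bring back the non-truncating behaviour. The embedded patch also has only the From/Date/Subject header with no description body; a sentence on why ReadWrite was a problem when overwriting an existing file would help the next reader.
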
diff -Nru skanpage-25.04.2/debian/patches/series 
skanpage-25.04.2/debian/patches/series
--- skanpage-25.04.2/debian/patches/series      1970-01-01 01:00:00.000000000 
+0100
+++ skanpage-25.04.2/debian/patches/series      2026-06-08 23:01:11.000000000 
+0200
@@ -0,0 +1 @@
+CVE-2025-55174.patch
