[SECURITY] [DLA 4343-1] raptor2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4343-1] raptor2 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 22 Oct 2025 17:00:08 +0000 (UTC)
Message-id: <[🔎] 3b8c4821-5526-ba23-8bd0-3b7f41d691@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4343-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 22, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : raptor2
Version        : 2.0.14-1.2+deb11u1
CVE ID         : CVE-2024-57822 CVE-2024-57823

Two issues have been found in raptor2, an RDF parser and serializerutilities. One issue is related to a heap-based buffer over-read whenparsing triples. The other issue is related to an integer underflow whennormalizing an URI.



For Debian 11 bullseye, these problems have been fixed in version
2.0.14-1.2+deb11u1.

We recommend that you upgrade your raptor2 packages.

For the detailed security status of raptor2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/raptor2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmj5DZhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfieA/8Ccv3WtIQxGPaBaDO7TwlRDa+bFmCpe3fj+jboPo3zQ64YtF6JwU8CdtM
kYdl0mznKR2Nhq/SbQe9EWikf228aoyIb7FtmnyBVP1ZYQqTYwxsja/MVFLWUn+a
diukZwl7PvJI+dFWT2Jc+dvqeNAQHGjJnec+/i7vNj2yEGvfDfcS0N33DdStZCmu
VvZ78N78DmXMYB5Rm5aAa3QAyfOKH4UMqKkGGCyY7AnkeFHujhg6cUN3Hob1KoqL
EQTfYFvrfE6OaJR/KsgVMKcvPpmfDGSV/c8xQ0aiKXtvs8D21XOfOwHTXXBI9hca
c+5YhKc5B3y8+i1roDtQsjdj57oTd9fKsQ6n+GqgGBl437mloEaZFe9inMEfp5H/
800YrljntaWm/nfSZl0N3fXy1ZFids/QQAAcCY1IaGap/O/Uu9qETV7fzMguyOw1
sUNlEyDjN0N6Pm+T/rJdzpXx1WTqZqCAGIk2Ld3dQnS4GZxQBelReaHOcB92Hcdg
OGiwNztZ5hmRMI5+pS9nEVST/JVYLwQP7amftoSKOI8+AJ3JVfZBgdAozy1aDZoh
sRgAUA0j4EOV+KOMsl9ON+oDIIklUz7J1Q7WfOG9yxXmby1nRzKSUh7i+Z8ZEfVO
qkq85C1iUjObVdENnuQpeABVZZdVsFIhHvbNZoeRhMqhkjOOICo=
=P0CD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4342-1] gimp security update
Next by Date: [SECURITY] [DLA 4344-1] gdk-pixbuf security update
Previous by thread: [SECURITY] [DLA 4342-1] gimp security update
Next by thread: [SECURITY] [DLA 4344-1] gdk-pixbuf security update
Index(es):
- Date
- Thread