Your message dated Sat, 03 Jan 2026 09:44:39 +0000
with message-id <[email protected]>
and subject line Bug#1124376: fixed in wasmedge 0.16.0+dfsg-1
has caused the Debian Bug report #1124376,
regarding wasmedge: CVE-2025-69261
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wasmedge
Version: 0.14.1+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.14.1+dfsg-3.2
Control: found -1 0.14.1+dfsg-3.1
Hi,
The following vulnerability was published for wasmedge.
CVE-2025-69261[0]:
| WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3,
| a multiplication in `WasmEdge/include/runtime/instance/memory.h` can
| wrap, causing `checkAccessBound()` to incorrectly allow the access.
| This leads to a segmentation fault. Version 0.16.0-alpha.3 contains
| a patch for the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-69261
https://www.cve.org/CVERecord?id=CVE-2025-69261
[1] https://github.com/WasmEdge/WasmEdge/security/advisories/GHSA-89fm-8mr7-gg4m
[2]
https://github.com/WasmEdge/WasmEdge/commit/37cc9fa19bd23edbbdaa9252059b17f191fa4d17
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wasmedge
Source-Version: 0.16.0+dfsg-1
Done: Faidon Liambotis <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wasmedge, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Faidon Liambotis <[email protected]> (supplier of updated wasmedge package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Jan 2026 11:01:56 +0200
Source: wasmedge
Architecture: source
Version: 0.16.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Faidon Liambotis <[email protected]>
Changed-By: Faidon Liambotis <[email protected]>
Closes: 1124376
Changes:
wasmedge (0.16.0+dfsg-1) unstable; urgency=medium
.
* New upstream release.
- Addresses a memory.h checkAccessBound() vulnerability, CVE-2025-69261.
(Closes: #1124376)
- Remove all backported patches from debian/patches.
- Remove Files-Excluded for files that were removed upstream.
- Update debian/copyright with removed files & new copyright years.
- Add new symbols to libwasmedge0.symbols.
* Update the capi-wasi-env and capi-mandelbrot autopkgtests to accommodate
upstream changes.
Checksums-Sha1:
b555c1bbd073099961209fd48a5f35b57296b8b0 2293 wasmedge_0.16.0+dfsg-1.dsc
93533ee7fff87354a93a3903ac8a161fe592a1fa 2173904
wasmedge_0.16.0+dfsg.orig.tar.xz
7ec134516fb7038b037d28deaacbdcf6f798930e 12044
wasmedge_0.16.0+dfsg-1.debian.tar.xz
e9d6724e49f768cb3e318a5fbbf50a33d195541e 9446
wasmedge_0.16.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
c0f5fdabe32ef5dc01363496ce5a0263446fa55775c0bb83e952103302a95aba 2293
wasmedge_0.16.0+dfsg-1.dsc
be7707c103d1f0610c2827a00a038e02842310f831db61fd8410adedf60296e1 2173904
wasmedge_0.16.0+dfsg.orig.tar.xz
2b18c56398f43ee86e5e3734138ea21b21f00687ba93c532ee328ecea09e262a 12044
wasmedge_0.16.0+dfsg-1.debian.tar.xz
cd96775d82584e500c6718dbb143efce44368dc3665c06e3c2b648afa62f4b71 9446
wasmedge_0.16.0+dfsg-1_amd64.buildinfo
Files:
37eea421c1f1dce59ba3aaf9cdc19514 2293 web optional wasmedge_0.16.0+dfsg-1.dsc
d16938db678988e8243f2986f76aeea7 2173904 web optional
wasmedge_0.16.0+dfsg.orig.tar.xz
f6d6ce922382a18a6447896b507348db 12044 web optional
wasmedge_0.16.0+dfsg-1.debian.tar.xz
620b79e8a8dcafb8576525b2139c7d09 9446 web optional
wasmedge_0.16.0+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqVksUhy5BAd9ZZgAnQteWx7sjw4FAmlY3LAACgkQnQteWx7s
jw4FWQ//SgsZwrTZxkg83sQ95glGeZyJbJLw5yPdEQ2u16VZhBAhfzmixI+NwDon
ERbowSzMxpQnGHeoOcoH1Tmc/lMHi+RB3mvGFSD8Yq5tcLnbKJGI9lC6wyDStd+i
1pwmCX4kIhpqtfu54yHFUCh42ZTo6/eL0hKe2Fq8oK4g6I4qym34ICY6bwSWy5ar
XRyajwxMtK7C8d6ixkWZ5s+s5LHUGInRWVfMec0t9YtBmAyboEdcICHxMQdfhaYp
wj6jAeVp82zZzzP+u8Uy2Y0YQCIo/QNAAhfBDNLRXkrT+YAd6xRkMKX391RsrZ+m
OPBRP5IH+tH9u9dn5DxLpPrYo33KKkiJK7Um06N+XcwBK9zTuFxekvRfStB2/Y3I
6rj8ljeO7mmJGb+LwUfT34yyKvNZc8sJEWCEmGrvq4yxzIYCwQv/uBgj0NJv7cmY
7W23pBUIUGtVMJmQ3hlJOhkyeADJ5MlVQBJUdvY8PylosuH8V5lwTY6UT8ouqP25
UYXC2mzmwyXhbKKhw9YyfjQ9lPNDXypWrFhJpq8kwj48uLGsNRqirSpS9IJEPbsw
1VgBx3DHU2vbFn/rc5ReD0PC/IH1BbzFK/9XyucUtW5y0vC120AyqDRKrW8TBXgG
raqPFD0Awsc0mNQJUvBZiaWhGIF7nOoFP35PO3fYN55WluuODzY=
=CoIQ
-----END PGP SIGNATURE-----
pgpJFdSvBu8Vr.pgp
Description: PGP signature
--- End Message ---
