Your message dated Sat, 14 Mar 2026 11:48:35 +0000
with message-id <[email protected]>
and subject line Released with 13.4
has caused the Debian Bug report #1125962,
regarding trixie-pu: package pcsx2/1.6.0+dfsg-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125962: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125962
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], Sébastien Noel
<[email protected]>
Control: affects -1 + src:pcsx2
User: [email protected]
Usertags: pu
[ Reason ]
pcsx2 in trixie is subject to CVE-2025-49589 (#1107756). Backport patch
from upstream to fix the security issue.
[ Impact ]
Fixes CVE-2025-49589 (#1107756).
[ Tests ]
No regressions when manually running pcsx2.
[ Risks ]
Limited risk - backport of patch from upstream to fix CVE.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Backport security fix for CVE-2025-49589.
[ Other info ]
I am uploading this stable fix on behalf of Sébastien Noel
<[email protected]> (in CC).
diff -Nru pcsx2-1.6.0+dfsg/debian/changelog pcsx2-1.6.0+dfsg/debian/changelog
--- pcsx2-1.6.0+dfsg/debian/changelog 2024-12-23 15:57:26.000000000 +0100
+++ pcsx2-1.6.0+dfsg/debian/changelog 2026-01-19 09:55:23.000000000 +0100
@@ -1,3 +1,9 @@
+pcsx2 (1.6.0+dfsg-3+deb13u1) trixie-security; urgency=medium
+
+ * Backport security fix for CVE-2025-49589.
+
+ -- Sébastien Noel <[email protected]> Mon, 19 Jan 2026 09:55:23 +0100
+
pcsx2 (1.6.0+dfsg-3) unstable; urgency=medium
* Team Upload
diff -Nru pcsx2-1.6.0+dfsg/debian/patches/CVE-2025-49589.patch
pcsx2-1.6.0+dfsg/debian/patches/CVE-2025-49589.patch
--- pcsx2-1.6.0+dfsg/debian/patches/CVE-2025-49589.patch 1970-01-01
01:00:00.000000000 +0100
+++ pcsx2-1.6.0+dfsg/debian/patches/CVE-2025-49589.patch 2026-01-19
09:55:23.000000000 +0100
@@ -0,0 +1,124 @@
+Description: CVE-2025-49589
+ backport the following upstream commit:
+ 4c9d2f99b17b1e6f281a264b673f39d95ede6c21
+ 6eac0bbcb1d59197a1aa99e41dfae0f87bc23848
+Origin: upstream
+Forwarded: not-needed
+Last-Update: 2026-01-19
+
+--- a/pcsx2/IopBios.cpp
++++ b/pcsx2/IopBios.cpp
+@@ -20,6 +20,7 @@
+
+ #include <ctype.h>
+ #include <string.h>
++#include <algorithm>
+
+ #ifndef O_BINARY
+ #define O_BINARY 0
+@@ -490,8 +491,12 @@ namespace sysmem {
+
+ if (!SysConsole.iopConsole.IsActive()) return 1;
+
+- char tmp[1024], tmp2[1024];
++ // maximum allowed size for our buffer before we truncate
++ const unsigned int max_len = 4096;
++ char tmp[max_len], tmp2[max_len];
+ char *ptmp = tmp;
++ unsigned int printed_bytes = 0;
++ int remaining_buf = max_len - 1;
+ int n=1, i=0, j = 0;
+
+ while (fmt[i])
+@@ -502,35 +507,50 @@ namespace sysmem {
+ j = 0;
+ tmp2[j++] = '%';
+ _start:
+- switch (fmt[++i])
++ // let's check whether this is our null
terminator
++ // before allowing the parser to proceed
++ if (fmt[i + 1])
+ {
+- case '.':
+- case 'l':
+- tmp2[j++] = fmt[i];
+- goto _start;
+- default:
+- if (fmt[i] >= '0' &&
fmt[i] <= '9')
+- {
++ switch (fmt[++i])
++ {
++ case '.':
++ case 'l':
++ if (j >=
max_len)
++ break;
+ tmp2[j++] =
fmt[i];
+ goto _start;
+- }
+- break;
++ default:
++ if (fmt[i] >=
'0' && fmt[i] <= '9')
++ {
++ if (j
>= max_len)
++
break;
++
tmp2[j++] = fmt[i];
++ goto
_start;
++ }
++ break;
++ }
+ }
+
++ if (j >= max_len)
++ break;
+ tmp2[j++] = fmt[i];
+ tmp2[j] = 0;
+
+ switch (fmt[i])
+ {
+ case 'f': case 'F':
+- ptmp+= sprintf(ptmp,
tmp2, (float)iopMemRead32(sp + n * 4));
++ printed_bytes =
std::min(remaining_buf, snprintf(ptmp, remaining_buf, tmp2,
(float)iopMemRead32(sp + n * 4)));
++ remaining_buf -=
printed_bytes;
++ ptmp += printed_bytes;
+ n++;
+ break;
+
+ case 'a': case 'A':
+ case 'e': case 'E':
+ case 'g': case 'G':
+- ptmp+= sprintf(ptmp,
tmp2, (double)iopMemRead32(sp + n * 4));
++ printed_bytes =
std::min(remaining_buf, snprintf(ptmp, remaining_buf, tmp2,
(double)iopMemRead32(sp + n * 4)));
++ remaining_buf -=
printed_bytes;
++ ptmp += printed_bytes;
+ n++;
+ break;
+
+@@ -539,19 +559,25 @@ _start:
+ case 'd': case 'D':
+ case 'o': case 'O':
+ case 'x': case 'X':
+- ptmp+= sprintf(ptmp,
tmp2, (u32)iopMemRead32(sp + n * 4));
++ printed_bytes =
std::min(remaining_buf, snprintf(ptmp, remaining_buf, tmp2,
(u32)iopMemRead32(sp + n * 4)));
++ remaining_buf -=
printed_bytes;
++ ptmp += printed_bytes;
+ n++;
+ break;
+
+ case 'c':
+- ptmp+= sprintf(ptmp,
tmp2, (u8)iopMemRead32(sp + n * 4));
++ printed_bytes =
std::min(remaining_buf, snprintf(ptmp, remaining_buf, tmp2, (u8)iopMemRead32(sp
+ n * 4)));
++ remaining_buf -=
printed_bytes;
++ ptmp += printed_bytes;
+ n++;
+ break;
+
+ case 's':
+ {
+ std::string s =
iopMemReadString(iopMemRead32(sp + n * 4));
+- ptmp +=
sprintf(ptmp, tmp2, s.data());
++ printed_bytes =
std::min(remaining_buf, snprintf(ptmp, remaining_buf, tmp2, s.data()));
++ remaining_buf
-= printed_bytes;
++ ptmp +=
printed_bytes;
+ n++;
+ }
+ break;
diff -Nru pcsx2-1.6.0+dfsg/debian/patches/series
pcsx2-1.6.0+dfsg/debian/patches/series
--- pcsx2-1.6.0+dfsg/debian/patches/series 2024-12-23 15:37:39.000000000
+0100
+++ pcsx2-1.6.0+dfsg/debian/patches/series 2026-01-19 09:55:23.000000000
+0100
@@ -1,2 +1,3 @@
wxwidgets3.2.patch
cpp_error_ftbfs.patch
+CVE-2025-49589.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.4
This update has been released as part of Debian 13.4.
--- End Message ---
