Update jpegxl to 0.11.2 (CVE-2025-12474, CVE-2026-1837) #2

Merged

sbelikov merged 2 commits from update-jpegxl-0.11.2 into niceos-5.2 2026-04-28 15:28:22 +03:00

Conversation 0 Commits 2 Files changed 1 +11 -3

sbelikov commented 2026-04-28 15:17:41 +03:00

Owner

Copy link

Summary

Update jpegxl package from 0.11.1 to 0.11.2 to address critical security vulnerabilities.

Security Fixes

• CVE-2025-12474: Fixed tile dimension calculation in low memory rendering pipeline.
• CVE-2026-1837: Fixed number of channels handling for gray-to-gray color transform.
• CVE-2025-12474 (related): djxl now rejects decoding JXL files if "packed" representation size overflows size_t.

Upstream Notes

This release is for evaluation purposes and may contain bugs. See upstream SECURITY.md for details.

References

• Issue: #1
• Upstream Release Notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2

## Summary Update `jpegxl` package from 0.11.1 to 0.11.2 to address critical security vulnerabilities. ### Security Fixes - **CVE-2025-12474**: Fixed tile dimension calculation in low memory rendering pipeline. - **CVE-2026-1837**: Fixed number of channels handling for gray-to-gray color transform. - **CVE-2025-12474 (related)**: `djxl` now rejects decoding JXL files if "packed" representation size overflows `size_t`. ### Upstream Notes This release is for evaluation purposes and may contain bugs. See upstream [SECURITY.md](SECURITY.md) for details. ## References - Issue: https://specs.niceos.ru/rpms/jpegxl/issues/1 - Upstream Release Notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2

sbelikov added 1 commit 2026-04-28 15:17:41 +03:00

Update jpegxl to 0.11.2 (CVE-2025-12474, CVE-2026-1837) 81718418dd

sbelikov added 1 commit 2026-04-28 15:26:13 +03:00

Adjust spec ef64da935f

sbelikov merged commit 33d2e2da7b into niceos-5.2 2026-04-28 15:28:22 +03:00

sbelikov referenced this pull request from a commit 2026-04-28 15:28:24 +03:00

Merge pull request 'Update jpegxl to 0.11.2 (CVE-2025-12474, CVE-2026-1837)' (#2) from update-jpegxl-0.11.2 into niceos-5.2

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

ai-summary

Issue contains local NiceSOFT AI generated preliminary analysis

  

bot

Created by automation

  

needs-build

Needs build verification

  

needs-triage

Needs maintainer triage

  

priority/high

High priority

  

security-release

Release notes mention security fixes or CVE

  

update/patch

Patch-level update

  

upstream-update

New upstream version is available

  

upstream/github

GitHub upstream

No labels

ai-summary

bot

needs-build

needs-triage

priority/high

security-release

update/patch

upstream-update

upstream/github

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rpms/jpegxl!2

No description provided.