Your message dated Fri, 12 Jun 2026 08:22:40 +0000
with message-id <[email protected]>
and subject line Bug#1138919: fixed in rlottie 0.1+dfsg-5
has caused the Debian Bug report #1138919,
regarding rlottie: CVE-2026-47319
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138919
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rlottie
Version: 0.1+dfsg-4.3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Samsung/rlottie/pull/588
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for rlottie.
CVE-2026-47319[0]:
| Memory allocation with excessive size value vulnerability in Samsung
| Open Source rlottie allows Excessive Allocation. This issue affects
| rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-47319
https://www.cve.org/CVERecord?id=CVE-2026-47319
[1] https://github.com/Samsung/rlottie/pull/588
[2] https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-5
Done: Nicholas Guriev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicholas Guriev <[email protected]> (supplier of updated rlottie package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 12 Jun 2026 10:20:51 +0300
Source: rlottie
Architecture: source
Version: 0.1+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Guriev <[email protected]>
Changed-By: Nicholas Guriev <[email protected]>
Closes: 1133621 1138919 1138920 1139179
Changes:
rlottie (0.1+dfsg-5) unstable; urgency=medium
.
* Add Fix-uninitialized-arena-allocator.patch and remove -Os build flag.
* Add Remove-unused-variables.patch to fix build with GCC 16.
(Closes: #1133621)
* Fix off-by-one error in Fortify-FreeType-raster.patch.
* Add Fixed-vpath-potential-issue.patch to fix CVE-2026-47319.
(Closes: #1138919)
* Add Limit-recursion-in-LOTLayerItem.patch to fix CVE-2026-47320.
(Closes: #1138920)
* New Fixed-signed-shift-issue.patch probably fixes CVE-2026-10305.
(Closes: #1139179)
* Update standards version to 4.7.4.
- Remove no longer needed Priority and Rules-Requires-Root fields.
* Remove broken debian/watch file.
* Emit ignore regexp in build log to silence blhc.
Checksums-Sha1:
fc4732f4fe6749b6c7bfbdc5e554f7927eb57160 1440 rlottie_0.1+dfsg-5.dsc
ee6573f05bf472a4ed7522b39ca1176af0ae773c 24448 rlottie_0.1+dfsg-5.debian.tar.xz
Checksums-Sha256:
7a8fba104823aac71b9bb9fd1456a17dffd3db698e09a9101b69d624d5c7039f 1440 rlottie_0.1+dfsg-5.dsc
79d4f1948e1de1e14ed11691a3ea80294b06e19e5fe27df97beaa1ad7adbafd6 24448 rlottie_0.1+dfsg-5.debian.tar.xz
Files:
1f77da555d02fd4f1e32d144b6da0889 1440 libs - rlottie_0.1+dfsg-5.dsc
796f1d036f9d04e4a6636b6c6ca5d4d1 24448 libs - rlottie_0.1+dfsg-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---