Your message dated Fri, 12 Jun 2026 08:22:40 +0000
with message-id <[email protected]>
and subject line Bug#1138920: fixed in rlottie 0.1+dfsg-5
has caused the Debian Bug report #1138920,
regarding rlottie: CVE-2026-47320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1138920: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138920
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rlottie
Version: 0.1+dfsg-4.3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Samsung/rlottie/pull/593
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rlottie.

CVE-2026-47320[0]:
| Access of uninitialized pointer, Uncontrolled Recursion
| vulnerability in Samsung Open Source rlottie allows Pointer
| Manipulation, Oversized Serialized Data Payloads.  This issue
| affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-47320
    https://www.cve.org/CVERecord?id=CVE-2026-47320
[1] https://github.com/Samsung/rlottie/pull/593

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-5
Done: Nicholas Guriev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Guriev <[email protected]> (supplier of updated rlottie package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jun 2026 10:20:51 +0300
Source: rlottie
Architecture: source
Version: 0.1+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Guriev <[email protected]>
Changed-By: Nicholas Guriev <[email protected]>
Closes: 1133621 1138919 1138920 1139179
Changes:
 rlottie (0.1+dfsg-5) unstable; urgency=medium
 .
   * Add Fix-uninitialized-arena-allocator.patch and remove -Os build flag.
   * Add Remove-unused-variables.patch to fix build with GCC 16.
     (Closes: #1133621)
   * Fix off-by-one error in Fortify-FreeType-raster.patch.
   * Add Fixed-vpath-potential-issue.patch to fix CVE-2026-47319.
     (Closes: #1138919)
   * Add Limit-recursion-in-LOTLayerItem.patch to fix CVE-2026-47320.
     (Closes: #1138920)
   * New Fixed-signed-shift-issue.patch probably fixes CVE-2026-10305.
     (Closes: #1139179)
   * Update standards version to 4.7.4.
     - Remove no longer needed Priority and Rules-Requires-Root fields.
   * Remove broken debian/watch file.
   * Emit ignore regexp in build log to silence blhc.

-----BEGIN PGP SIGNATURE-----

iIYEARYIAC4WIQQRm7llN8yxifaG60cF2qh9JI3wlQUCaiu0eBAcZ3VyaWV2LW5z
QHlhLnJ1AAoJEAXaqH0kjfCVZMYA+wZApeHAVT0eFd4LPd0vIj77Y4scviDF9b1f
EENjZpnGAP4uYygyYfvl5mIx8cK10mvhSLtuNP+tHf9rClDbQuXfDQ==
=NN5h
-----END PGP SIGNATURE-----



--- End Message ---
