Your message dated Sat, 04 Jul 2026 10:03:10 +0000
with message-id <[email protected]>
and subject line Bug#1138920: fixed in rlottie 0.1+dfsg-4.2+deb13u2
has caused the Debian Bug report #1138920,
regarding rlottie: CVE-2026-47320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1138920: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138920
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rlottie
Version: 0.1+dfsg-4.3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Samsung/rlottie/pull/593
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rlottie.

CVE-2026-47320[0]:
| Access of uninitialized pointer, Uncontrolled Recursion
| vulnerability in Samsung Open Source rlottie allows Pointer
| Manipulation, Oversized Serialized Data Payloads.  This issue
| affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-47320
    https://www.cve.org/CVERecord?id=CVE-2026-47320
[1] https://github.com/Samsung/rlottie/pull/593

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-4.2+deb13u2
Done: Nicholas Guriev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Guriev <[email protected]> (supplier of updated rlottie package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 Jul 2026 14:01:02 +0300
Source: rlottie
Architecture: source
Version: 0.1+dfsg-4.2+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Nicholas Guriev <[email protected]>
Changed-By: Nicholas Guriev <[email protected]>
Closes: 1138919 1138920 1139179
Changes:
 rlottie (0.1+dfsg-4.2+deb13u2) trixie; urgency=medium
 .
   * Fix off-by-one error in Fortify-FreeType-raster.patch.
   * Add Fixed-vpath-potential-issue.patch to fix CVE-2026-47319.
     (Closes: #1138919)
   * Add Limit-recursion-in-LOTLayerItem.patch to fix CVE-2026-47320.
     (Closes: #1138920)
   * New Fixed-signed-shift-issue.patch probably fixes CVE-2026-10305.
     (Closes: #1139179)
   * New Fix-heap-buffer-overflow-from-short-truncation.patch.
Checksums-Sha1:
 2d6d34ec26425e25ca8ce75eaf0733c8babe9611 1482 rlottie_0.1+dfsg-4.2+deb13u2.dsc
 2048ccafc78b679e32bbac51e8343d233517f022 25084 rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz
Checksums-Sha256:
 2453920630fbc30dcc3fc8a6c62a794d402059684b23cac12e90f345b2ab0a29 1482 rlottie_0.1+dfsg-4.2+deb13u2.dsc
 ee979833cb0021da21c6236ac1253ffabebe92a45a8e4dce1aec174433933458 25084 rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz
Files:
 4704712a4bab37369ebd40d5a7f9b640 1482 libs optional rlottie_0.1+dfsg-4.2+deb13u2.dsc
 88329d2e93a9f307f9ae7ef0200419dc 25084 libs optional rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iIYEARYIAC4WIQQRm7llN8yxifaG60cF2qh9JI3wlQUCakeXmhAcZ3VyaWV2LW5z
QHlhLnJ1AAoJEAXaqH0kjfCVhzIA/1+tVaHXC9fhLDF2N3EvUvDaMhL0Aeaykb87
fi/B+ISBAP4lA8WJARFhRJU5AaZ11WH21MJ0hPzdDaOy15oo1gwdDA==
=IqB1
-----END PGP SIGNATURE-----



--- End Message ---
