Your message dated Sat, 04 Jul 2026 10:32:42 +0000
with message-id <[email protected]>
and subject line Bug#1138920: fixed in rlottie 0.1+dfsg-4+deb12u2
has caused the Debian Bug report #1138920,
regarding rlottie: CVE-2026-47320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1138920: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138920
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rlottie
Version: 0.1+dfsg-4.3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Samsung/rlottie/pull/593
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rlottie.

CVE-2026-47320[0]:
| Access of uninitialized pointer, Uncontrolled Recursion
| vulnerability in Samsung Open Source rlottie allows Pointer
| Manipulation, Oversized Serialized Data Payloads.  This issue
| affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-47320
    https://www.cve.org/CVERecord?id=CVE-2026-47320
[1] https://github.com/Samsung/rlottie/pull/593

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-4+deb12u2
Done: Nicholas Guriev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Guriev <[email protected]> (supplier of updated rlottie package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 Jul 2026 14:07:04 +0300
Source: rlottie
Architecture: source
Version: 0.1+dfsg-4+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Nicholas Guriev <[email protected]>
Changed-By: Nicholas Guriev <[email protected]>
Closes: 1138919 1138920 1139179
Changes:
 rlottie (0.1+dfsg-4+deb12u2) bookworm; urgency=medium
 .
   * Fix off-by-one error in Fortify-FreeType-raster.patch.
   * Add Fixed-vpath-potential-issue.patch to fix CVE-2026-47319.
     (Closes: #1138919)
   * Add Limit-recursion-in-LOTLayerItem.patch to fix CVE-2026-47320.
     (Closes: #1138920)
   * New Fixed-signed-shift-issue.patch probably fixes CVE-2026-10305.
     (Closes: #1139179)
   * New Fix-heap-buffer-overflow-from-short-truncation.patch.
Checksums-Sha1:
 8ea12e3376b81807f38846d7b1b09e580cfee78e 1474 rlottie_0.1+dfsg-4+deb12u2.dsc
 f9683db1c5c1e644579cd6063bac8982701d8410 24364 
rlottie_0.1+dfsg-4+deb12u2.debian.tar.xz
Checksums-Sha256:
 088111e5b3ba156ab35761264b80eb5496a72244fd6b0b32a4cf1c6bfef07bd7 1474 
rlottie_0.1+dfsg-4+deb12u2.dsc
 38effe1a5946651e986c02a0304661125f181660a083acd8413460622b2b60e7 24364 
rlottie_0.1+dfsg-4+deb12u2.debian.tar.xz
Files:
 0b075ef557c045fda090781a614fd3ab 1474 libs optional 
rlottie_0.1+dfsg-4+deb12u2.dsc
 ac9a7ab3cd22a4fe0c0d5d604488b5a7 24364 libs optional 
rlottie_0.1+dfsg-4+deb12u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iIYEARYIAC4WIQQRm7llN8yxifaG60cF2qh9JI3wlQUCakeYUxAcZ3VyaWV2LW5z
QHlhLnJ1AAoJEAXaqH0kjfCVWZoBAIdvWCV6jCIBqY/Zek8KN4ttloqXbsUNxeGf
OHJc/EZnAP9BtXfzb6y16caXdu0mz9hvxt3oqJmyd+HSv+ZIlAiCCg==
=49fp
-----END PGP SIGNATURE-----

Attachment: pgpbpvccAytsq.pgp
Description: PGP signature


--- End Message ---

Reply via email to