On 09/07/2026 13:29, Nicholas Guriev wrote:
On 09.07.2026 14:06:25 +0300 you wrote:
I meant: go ahead and upload it to security-master targetting
bullseye-security in the changelog/changes file.
Ok, uploaded.
Do you want to send the DLA? If so, I can make the reservation and send you
the template. Alternatively I can do the paperwork, as you prefer.
I think reservation DLA ID would be enough. I'll compose a letter with a brief
library description and what has been updated once the package is built.
Actually, I locally ran the bin/gen-DLA script yesterday and have a template,
but the invocation failed at git push command in the end.
I have reserved it. I'm attaching the generated template in case it's more
useful. Note that you'll need to send a GPG-signed email for the announcement to
go through.
Cheers,
Emilio
From: Emilio Pozuelo Monfort <[email protected]>
To: [email protected]
Subject: [SECURITY] [DLA 4675-1] rlottie security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4675-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
July 09, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : rlottie
Version : 0.1+dfsg-2+deb11u2 $bookworm_VERSION
CVE ID : CVE-2026-8916 CVE-2026-10305 CVE-2026-47306 CVE-2026-47318
CVE-2026-47319 CVE-2026-47320
Debian Bug : 994614 1138916 1138917 1138918 1138919 1138920 1139179
Brief introduction
CVE-2026-8916
Description
CVE-2026-10305
Description
CVE-2026-47306
Description
CVE-2026-47318
Description
CVE-2026-47319
Description
CVE-2026-47320
Description
For Debian 11 bullseye, these problems have been fixed in version
0.1+dfsg-2+deb11u2.
For Debian 12 bookworm, these problems have been fixed in version
$bookworm_VERSION.
We recommend that you upgrade your rlottie packages.
For the detailed security status of rlottie please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rlottie
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS