On 09/07/2026 13:29, Nicholas Guriev wrote:
On 09.07.2026 14:06:25 +0300 you wrote:
I meant: go ahead and upload it to security-master targetting
bullseye-security in the changelog/changes file.

Ok, uploaded.

Do you want to send the DLA? If so, I can make the reservation and send you
the template. Alternatively I can do the paperwork, as you prefer.

I think reservation DLA ID would be enough. I'll compose a letter with a brief
library description and what has been updated once the package is built.

Actually, I locally ran the bin/gen-DLA script yesterday and have a template,
but the invocation failed at git push command in the end.

I have reserved it. I'm attaching the generated template in case it's more useful. Note that you'll need to send a GPG-signed email for the announcement to go through.

Cheers,
Emilio
From: Emilio Pozuelo Monfort <[email protected]>
To: [email protected]
Subject: [SECURITY] [DLA 4675-1] rlottie security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4675-1                [email protected]
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
July 09, 2026                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : rlottie
Version        : 0.1+dfsg-2+deb11u2 $bookworm_VERSION
CVE ID         : CVE-2026-8916 CVE-2026-10305 CVE-2026-47306 CVE-2026-47318 
                 CVE-2026-47319 CVE-2026-47320
Debian Bug     : 994614 1138916 1138917 1138918 1138919 1138920 1139179

Brief introduction 

CVE-2026-8916

    Description

CVE-2026-10305

    Description

CVE-2026-47306

    Description

CVE-2026-47318

    Description

CVE-2026-47319

    Description

CVE-2026-47320

    Description

For Debian 11 bullseye, these problems have been fixed in version
0.1+dfsg-2+deb11u2.

For Debian 12 bookworm, these problems have been fixed in version
$bookworm_VERSION.

We recommend that you upgrade your rlottie packages.

For the detailed security status of rlottie please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rlottie

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Reply via email to