Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
56275165 by Moritz Muehlenhoff at 2026-07-03T16:49:23+02:00
four older rlottie issues fixed by Debian-specific patches
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21130,12 +21130,11 @@ CVE-2026-49837
[bullseye] - gobgp <postponed> (Limited support)
NOTE:
https://github.com/osrg/gobgp/security/advisories/GHSA-gjrg-jjr3-56cm
CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source
rlottie allow ...)
- - rlottie <unfixed> (bug #1138916)
- [trixie] - rlottie <no-dsa> (Minor issue)
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ - rlottie 0.1+dfsg-3 (bug #1138916)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/589
NOTE:
https://github.com/Samsung/rlottie/commit/ffe60942892c3d68b14560761ea920d360ef51bb
+ NOTE: Addressed by earlier Debian-specific patch
Avoid-assertion-failures.patch (see #1138916)
CVE-2026-8762
REJECTED
CVE-2026-8653 (The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable
to gen ...)
@@ -21204,9 +21203,10 @@ CVE-2026-4104 (Authorization bypass through
User-Controlled SQL primary key vuln
CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open
Source rl ...)
- - rlottie <unfixed> (bug #1138921)
- [trixie] - rlottie <no-dsa> (Minor issue)
+ - rlottie 0.1+dfsg-1 (bug #1138921)
NOTE: https://github.com/Samsung/rlottie/pull/592
+ NOTE:
https://github.com/Samsung/rlottie/commit/729e5d0f4dd33029e78b88d6fcda25c1ee107fa2
+ NOTE: Addressed by earlier Debian-specific patch
Fix-crash-on-invalid-data.patch (see #1138916)
CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal
AWS Cogn ...)
NOT-FOR-US: Acer
CVE-2026-49203 (Crucial management API endpoints for cellular eSIM allocation
do not v ...)
@@ -21258,19 +21258,17 @@ CVE-2026-47319 (Memory allocation with excessive size
value vulnerability in Sam
NOTE: https://github.com/Samsung/rlottie/pull/588
NOTE:
https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open
Source rlott ...)
- - rlottie <unfixed> (bug #1138918)
- [trixie] - rlottie <no-dsa> (Minor issue)
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ - rlottie 0.1+dfsg-3 (bug #1138916)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/582
NOTE:
https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
+ NOTE: Addressed by earlier Debian-specific patch
Fortify-FreeType-raster.patch (see #1138916)
CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source
rlottie al ...)
- - rlottie <unfixed> (bug #1138917)
- [trixie] - rlottie <no-dsa> (Minor issue)
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ - rlottie 0.1+dfsg-3 (bug #1138916)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/585
NOTE:
https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
+ NOTE: Addressed by earlier Debian-specific patch
No-cyclic-structures.patch (see #1138916)
CVE-2026-45739 (Strawberry GraphQL is a library for creating GraphQL APIs. In
versions ...)
NOT-FOR-US: Strawberry GraphQL
CVE-2026-45433 (This vulnerability exists in GX Earth 2022 ONT models due to
the prese ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5627516575ad28241dc2b9f84f013420d72f7f8b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5627516575ad28241dc2b9f84f013420d72f7f8b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits