Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
56275165 by Moritz Muehlenhoff at 2026-07-03T16:49:23+02:00
four older rlottie issues fixed by Debian-specific patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21130,12 +21130,11 @@ CVE-2026-49837
        [bullseye] - gobgp <postponed> (Limited support)
        NOTE: 
https://github.com/osrg/gobgp/security/advisories/GHSA-gjrg-jjr3-56cm
 CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source 
rlottie allow ...)
-       - rlottie <unfixed> (bug #1138916)
-       [trixie] - rlottie <no-dsa> (Minor issue)
-       [bookworm] - rlottie <no-dsa> (Minor issue)
+       - rlottie 0.1+dfsg-3 (bug #1138916)
        [bullseye] - rlottie <postponed> (Minor issue)
        NOTE: https://github.com/Samsung/rlottie/pull/589
        NOTE: 
https://github.com/Samsung/rlottie/commit/ffe60942892c3d68b14560761ea920d360ef51bb
+       NOTE: Addressed by earlier Debian-specific patch 
Avoid-assertion-failures.patch (see #1138916)
 CVE-2026-8762
        REJECTED
 CVE-2026-8653 (The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable 
to gen ...)
@@ -21204,9 +21203,10 @@ CVE-2026-4104 (Authorization bypass through 
User-Controlled SQL primary key vuln
 CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open 
Source rl ...)
-       - rlottie <unfixed> (bug #1138921)
-       [trixie] - rlottie <no-dsa> (Minor issue)
+       - rlottie 0.1+dfsg-1 (bug #1138921)
        NOTE: https://github.com/Samsung/rlottie/pull/592
+       NOTE: 
https://github.com/Samsung/rlottie/commit/729e5d0f4dd33029e78b88d6fcda25c1ee107fa2
+       NOTE: Addressed by earlier Debian-specific patch 
Fix-crash-on-invalid-data.patch (see #1138916)
 CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal 
AWS Cogn ...)
        NOT-FOR-US: Acer
 CVE-2026-49203 (Crucial management API endpoints for cellular eSIM allocation 
do not v ...)
@@ -21258,19 +21258,17 @@ CVE-2026-47319 (Memory allocation with excessive size 
value vulnerability in Sam
        NOTE: https://github.com/Samsung/rlottie/pull/588
        NOTE: 
https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
 CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open 
Source rlott ...)
-       - rlottie <unfixed> (bug #1138918)
-       [trixie] - rlottie <no-dsa> (Minor issue)
-       [bookworm] - rlottie <no-dsa> (Minor issue)
+       - rlottie 0.1+dfsg-3 (bug #1138916)
        [bullseye] - rlottie <postponed> (Minor issue)
        NOTE: https://github.com/Samsung/rlottie/pull/582
        NOTE: 
https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
+       NOTE: Addressed by earlier Debian-specific patch 
Fortify-FreeType-raster.patch (see #1138916)
 CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source 
rlottie al ...)
-       - rlottie <unfixed> (bug #1138917)
-       [trixie] - rlottie <no-dsa> (Minor issue)
-       [bookworm] - rlottie <no-dsa> (Minor issue)
+       - rlottie 0.1+dfsg-3 (bug #1138916)
        [bullseye] - rlottie <postponed> (Minor issue)
        NOTE: https://github.com/Samsung/rlottie/pull/585
        NOTE: 
https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
+       NOTE: Addressed by earlier Debian-specific patch 
No-cyclic-structures.patch (see #1138916)
 CVE-2026-45739 (Strawberry GraphQL is a library for creating GraphQL APIs. In 
versions ...)
        NOT-FOR-US: Strawberry GraphQL
 CVE-2026-45433 (This vulnerability exists in GX Earth 2022 ONT models due to 
the prese ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5627516575ad28241dc2b9f84f013420d72f7f8b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5627516575ad28241dc2b9f84f013420d72f7f8b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to