[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4474-1] rlottie security updat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4474-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 09, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : rlottie
Version        : 0.1+dfsg-2+deb11u1
CVE ID         : CVE-2025-0634 CVE-2025-53074 CVE-2025-53075
Several issues have been found in rlottie, a library for rendering vector based animations and art. Most of these CVEs have been already fixed by Fix-crash-on-invalid-data.patch in a previous upload. The remaining boundary check has now been fixed as well. 


For Debian 11 bullseye, these problems have been fixed in version
0.1+dfsg-2+deb11u1.

We recommend that you upgrade your rlottie packages.

For the detailed security status of rlottie please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rlottie

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmKEjpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcu6w//RMgmxQNbfGZpv+MCOHqYvhr0byK0AZdJ2Vs9jNE9AWUbo9CpMyfCZU5N
02br9234WczF32396iIzoKetf7W0LAi1DKEmmvgcBBevLk3PcYokIP33S3bUM6uB
0a7a31PnwsHQDlLqQLDDB1jfUJYkMcfXcSop0kHrq1DN3apAUfY9VvSIb/ZK/07E
pBkFt6Ipue6FpJQG13X36ZnTVblevCLNjNkmgtPXQfIHj+GGtUbOIh8l+YZlrdGt
rvpfA1kP1N9syWZi50TAVSKli45ma/DXseVAAmLzvyQQHbCT5+36EkvkUCCPlSjY
FdGg0UKB5KCb3tCiJdzbCVdchiYxrG1+NMrwZXgES+4GKfReARwPaZr9sCFFR4gn
Np/OtXTvNPV5V4m3HNkjJOrEkuoXFbBckwiW5y+23JfLF90jW2EZBi9nkBiugWaa
QhLLzlvY3UEfFgw9sl6j3Hegna0NZGGv/lekfs8AoXNj0fyE6lbksHqT0dA9uYcP
5n2Ek24fVykuXVsMw/EH7Wzt6JgVebcHnZE4QewmG8XRrZsYLFhPMCqWZITZqsGv
7ytnE6h/Dx2eQKSuB4/Zgn08VY1Hn2TkYppnbM99XgfGxfkTYh4rSJ9lRZuf1sXo
V17sSFsAgQNstWtSIC2tsROvOkDDSVdE140rVxg1DqU78wOew40=
=9qCE
-----END PGP SIGNATURE-----
Reply to: