Debian alert DLA-4474-1 (rlottie)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4474-1] rlottie security updat | |
| Date: | Mon, 09 Feb 2026 16:58:33 +0000 | |
| Message-ID: | <bd4f83f3-deca-5198-2b9a-78e559af9096@alteholz.de> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4474-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz February 09, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : rlottie Version : 0.1+dfsg-2+deb11u1 CVE ID : CVE-2025-0634 CVE-2025-53074 CVE-2025-53075 Several issues have been found in rlottie, a library for rendering vector based animations and art. Most of these CVEs have been already fixed by Fix-crash-on-invalid-data.patch in a previous upload. The remaining boundary check has now been fixed as well. For Debian 11 bullseye, these problems have been fixed in version 0.1+dfsg-2+deb11u1. We recommend that you upgrade your rlottie packages. For the detailed security status of rlottie please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rlottie Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmKEjpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEcu6w//RMgmxQNbfGZpv+MCOHqYvhr0byK0AZdJ2Vs9jNE9AWUbo9CpMyfCZU5N 02br9234WczF32396iIzoKetf7W0LAi1DKEmmvgcBBevLk3PcYokIP33S3bUM6uB 0a7a31PnwsHQDlLqQLDDB1jfUJYkMcfXcSop0kHrq1DN3apAUfY9VvSIb/ZK/07E pBkFt6Ipue6FpJQG13X36ZnTVblevCLNjNkmgtPXQfIHj+GGtUbOIh8l+YZlrdGt rvpfA1kP1N9syWZi50TAVSKli45ma/DXseVAAmLzvyQQHbCT5+36EkvkUCCPlSjY FdGg0UKB5KCb3tCiJdzbCVdchiYxrG1+NMrwZXgES+4GKfReARwPaZr9sCFFR4gn Np/OtXTvNPV5V4m3HNkjJOrEkuoXFbBckwiW5y+23JfLF90jW2EZBi9nkBiugWaa QhLLzlvY3UEfFgw9sl6j3Hegna0NZGGv/lekfs8AoXNj0fyE6lbksHqT0dA9uYcP 5n2Ek24fVykuXVsMw/EH7Wzt6JgVebcHnZE4QewmG8XRrZsYLFhPMCqWZITZqsGv 7ytnE6h/Dx2eQKSuB4/Zgn08VY1Hn2TkYppnbM99XgfGxfkTYh4rSJ9lRZuf1sXo V17sSFsAgQNstWtSIC2tsROvOkDDSVdE140rVxg1DqU78wOew40= =9qCE -----END PGP SIGNATURE-----