-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Nov 2025 12:05:10 +0100
Source: rlottie
Architecture: source
Version: 0.1+dfsg-4.2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Nicholas Guriev
Changed-By: Thorsten Alteholz
Closes: 1109341
Changes:
 rlottie (0.1+dfsg-4.2+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2025-0634 (Closes: #1109341)
     CVE-2025-53074
     CVE-2025-53075
     Most patches to fix these issues are already part of:
      Fix-crash-on-invalid-data.patch
     The remaining boundary check is left in:
      CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch
     For the sake of completeness, the whole upstream patch for these
     CVEs is added in:
      CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org
Checksums-Sha1:
 e658b8d6a633ce137139450a436463ef94ea37c3 2222 rlottie_0.1+dfsg-4.2+deb13u1.dsc
 0b0e019a15c60154d4833080dcfaebaf07788c03 23196 rlottie_0.1+dfsg-4.2+deb13u1.debian.tar.xz
 8568de692bb493815e36998c933b1ed3aa0f3e23 6926 rlottie_0.1+dfsg-4.2+deb13u1_source.buildinfo
Checksums-Sha256:
 531a2886cbc13adcb702b9d1bbd863a185a2b9789e14c83a8fc540149891cb15 2222 rlottie_0.1+dfsg-4.2+deb13u1.dsc
 85de45593d68c22d6037d0011ce16ccfc88ac9de7a1c3ec7f27a23da8358aebb 23196 rlottie_0.1+dfsg-4.2+deb13u1.debian.tar.xz
 95a41fe31d4bb366d184e760c071c173d7f67ff72bdaeb8c56b6fb666831b9fa 6926 rlottie_0.1+dfsg-4.2+deb13u1_source.buildinfo
Files:
 5d7ce82eebac896acf8549756d43adc3 2222 libs optional rlottie_0.1+dfsg-4.2+deb13u1.dsc
 e5eeeea2e4aca02a92494169a399e760 23196 libs optional rlottie_0.1+dfsg-4.2+deb13u1.debian.tar.xz
 76d1d034509e2ab0bbafa4da32ad4a80 6926 libs optional rlottie_0.1+dfsg-4.2+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----