-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Nov 2025 12:05:10 +0100 Source: rlottie Binary: librlottie-dev librlottie0-1 librlottie0-1-dbgsym Architecture: i386 Version: 0.1+dfsg-4.2+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Thorsten Alteholz Description: librlottie-dev - library for rendering vector based animations and art (developmen librlottie0-1 - library for rendering vector based animations and art Closes: 1109341 Changes: rlottie (0.1+dfsg-4.2+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2025-0634 (Closes: #1109341) CVE-2025-53074 CVE-2025-53075 Most patches to fix these issues are already part of: Fix-crash-on-invalid-data.patch The remaining boundary check is left in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch For the sake of completeness, the whole upstream patch for these CVEs is added in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org Checksums-Sha1: 493f548cdd71005ec9d0754918a728a53e8e1c6a 20984 librlottie-dev_0.1+dfsg-4.2+deb13u1_i386.deb 6ddd37b624d12ab01d63926d48741a2be88142ae 1982092 librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_i386.deb 0b2d1de67fe0e5dc8819797282b2af1d0918d785 122156 librlottie0-1_0.1+dfsg-4.2+deb13u1_i386.deb 6d7b901e496f8c01934aab80be15760ef0d46368 7271 rlottie_0.1+dfsg-4.2+deb13u1_i386-buildd.buildinfo Checksums-Sha256: fe23efa1ecc10f7d98e9880f832f3b5257a836d443688eafceebb080ad663751 20984 librlottie-dev_0.1+dfsg-4.2+deb13u1_i386.deb 536dfe07870a19562e25874173e9c90488e463d9ef9f8362b6d6fa9d77af31f6 1982092 librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_i386.deb 48438ececf3bc8b73cabfd067111193d5d6295a537f579399fcb1e3e6219872b 122156 librlottie0-1_0.1+dfsg-4.2+deb13u1_i386.deb 6b31191e33369d685d64647cf64e6f186840f67ee1ae34f50092367d11d94be9 7271 rlottie_0.1+dfsg-4.2+deb13u1_i386-buildd.buildinfo Files: d8a11eb02f65e40a5be76929d6feb68c 20984 libdevel optional librlottie-dev_0.1+dfsg-4.2+deb13u1_i386.deb eca73afaef6758722f00429885e7c035 1982092 debug optional librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_i386.deb 1db2f7a4df273b1571025f5f84f927da 122156 libs optional librlottie0-1_0.1+dfsg-4.2+deb13u1_i386.deb 9ecf4e24360b43bd9d29c4463436a3cf 7271 libs optional rlottie_0.1+dfsg-4.2+deb13u1_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmlG1OIACgkQiZlfn74W V6lBKhAAnyFDhSXhKTJW6v+gQgk89XJb4GWNnNzs/9z9mXl8AEXIzNk3bWsavVJ7 Gz1TCa2PXRQM0RRsu5V7GOtIkgweYYYtWX6AlArzK/Afo0kFf6ZBPebrWMKAytoU r4BzP1l5Zm+Nb9G/QmANEbEqrmtaquxXTHRF1t72BnHKi7z4CAbaR+njgHRvqL6Z xSE/8CYP0MfjDDw0VVzsF1240fdYsZABqukx+nXTVHuj2Bm2yhMO5bjlTUdELMgX skTb10rCOhdBsGTdNWgbfph0blisO0NtHaYsGZTQHfwLgU9ZCSF9yL5nvQ5N2OEf Od1mKxTxNjrTtvMO0+cO1XyKbHJnxLnEgXnV8tPTiyf4i5VblN1elVwcvxbvJUJE lW4SzAKbLu3JpJdP8hrLHxGP7HXD43JmXH56B4NfzWK4GMgxYqkQB4/BXROa4efs UTVFZJ+AZlsz+Ik15D5yM7ssvJrAXDlJeaeyyD0CLQ0TBnxdokDCFEkthKUAfR05 QbEMU/2cbQIZJbmh8Q0SQWAKI8nVCrWLVrNbEaxIzNxQ4i4cng5QmjfxtRZzyeb0 zSOkfn5zSqj+Ff2os7Iltnw/k+RiT7Kw/u9XD1fL3s5fy3FePYer3+RpBn55S07z 2OcQDcqY7VDEnhYik9BUHPm0gZtFPSIDRbSeICIWR+pOMaRJ5sQ= =iqM3 -----END PGP SIGNATURE-----