-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Nov 2025 12:05:10 +0100 Source: rlottie Binary: librlottie-dev librlottie0-1 librlottie0-1-dbgsym Architecture: riscv64 Version: 0.1+dfsg-4.2+deb13u1 Distribution: trixie Urgency: medium Maintainer: riscv64 Build Daemon (rv-osuosl-01) Changed-By: Thorsten Alteholz Description: librlottie-dev - library for rendering vector based animations and art (developmen librlottie0-1 - library for rendering vector based animations and art Closes: 1109341 Changes: rlottie (0.1+dfsg-4.2+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2025-0634 (Closes: #1109341) CVE-2025-53074 CVE-2025-53075 Most patches to fix these issues are already part of: Fix-crash-on-invalid-data.patch The remaining boundary check is left in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch For the sake of completeness, the whole upstream patch for these CVEs is added in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org Checksums-Sha1: 8015b037b5604367ae00de08d5b1a591cd30c756 21000 librlottie-dev_0.1+dfsg-4.2+deb13u1_riscv64.deb d185f4bbffc2a24c670c329ae156f9a1446e88a1 1804724 librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_riscv64.deb 18742e813e96ad77074ef79c9f457bbe91e073ae 119240 librlottie0-1_0.1+dfsg-4.2+deb13u1_riscv64.deb c5bd31409026baea44727c8998daab0fda4c3d7c 7323 rlottie_0.1+dfsg-4.2+deb13u1_riscv64-buildd.buildinfo Checksums-Sha256: bd76d3c386fdc514b945bbada2db9dd3235386c3f061f764b98e47c9334562c6 21000 librlottie-dev_0.1+dfsg-4.2+deb13u1_riscv64.deb 8f0c8e802a17e6017455aeab0d80d81fa333559d31e95692a1faa22eb786c427 1804724 librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_riscv64.deb 9bd5f97b2276037c87ad8c7fc6de09501a5b01a3791f76eae106593a67a2363f 119240 librlottie0-1_0.1+dfsg-4.2+deb13u1_riscv64.deb 61f925ec568570d1803ef4e2ce7fd4541ab394a216ead41eeeee458f84fec823 7323 rlottie_0.1+dfsg-4.2+deb13u1_riscv64-buildd.buildinfo Files: d24481ec13beef0fc09b91800e9b6164 21000 libdevel optional librlottie-dev_0.1+dfsg-4.2+deb13u1_riscv64.deb b1a7c8e0530ad6f955adf9e5b4eb91d2 1804724 debug optional librlottie0-1-dbgsym_0.1+dfsg-4.2+deb13u1_riscv64.deb a96cf9550b753098114665e77d4ea584 119240 libs optional librlottie0-1_0.1+dfsg-4.2+deb13u1_riscv64.deb 4d4f296f29aeaac44710f937c8723588 7323 libs optional rlottie_0.1+dfsg-4.2+deb13u1_riscv64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3smN1vgomTkXJcrkIhSPlPtgqxkFAmlG1wkACgkQIhSPlPtg qxn+hw/9EO9O/BWeL50EocRM0tjxfkH8gRgHfMXkOr0vmo+PCMTCmKEDoC8zqwib 7lGgb3U3J/4ba2SkjpuOJ+vJu6WYDFA1BqAdVldScM7R6HpxV8f0vwwufsNjXguO vkizx0CY2RivmGPrRs9ZuWCAmSzm2RlFiPCZKrt5cvP5Mg9zIUeVIbizoyRJcuRQ 2Wbbz5y/e4hxGzrooe7T4Vwa79ke9r4NPNLvp0WRVfXacPU2khbj8Sz7JzO3KcrL ZHZe6IW2SsvxXY4C1R+7jLOLTFUAzhxejMWYE8sFGEil/zwxTmD8YweDgKOMcVWE dfTDcks9kwBf6K/7J7VRVcuu5W35bar/2ajjDWfEFPyV55GiGwzaMGeMrO6rjMU5 LoyscqwKx96IgPTScPBOHc2b1d5bjjQTLLypquh4n/vTZqLHF6Qh4LzIUuc8iRSs OJjw9tl/KaI34Mh83L3F5amoDVj8Uw0Azl8Kgxvs/oX7ou/ctrrdZzthT1VFskE6 OeM5Z4KDLT8+sgO49IstaYhJtylsq9n5cJ3Rovg3L24TKZdfGSV7sz9ESm/YsmtK lwlBXNhKC6SLu+l8YQlnz14GvtyxXFZN2Na/Y5zbgAkuI2oRpIFklmNbN7HtVJxP KeBs89ZKCiPS4y52DVkKWC1UjEEHoUVFJ564vOoqLlLjeppS2QI= =MJ// -----END PGP SIGNATURE-----