-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 02 Jun 2021 09:23:26 +0300 Source: rlottie Built-For-Profiles: noudeb Architecture: source Version: 0.1+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Nicholas Guriev <guriev-ns@ya.ru> Changed-By: Nicholas Guriev <guriev-ns@ya.ru> Closes: 974095 984323 988885 Changes: rlottie (0.1+dfsg-2) unstable; urgency=medium . * Update patches. - Sync patches with John Preston's fork. + New Freetype-raster.patch for fix CVE-2021-31321. (Closes: #988885) + New Fortify-lottie-parser.patch for fix crashes on invalid input. - New Extend-mDash-array.patch for fix CVE-2021-31317. (Closes: #988885) - New Include-limits-header.patch for fix build with the latest GCC. (Closes: #984323) - New Zero-corrupt-point.patch for fix crash on inappropriate shape. (Closes: #974095) - New Avoid-nullptr-in-solidColor.patch fixes null pointer dereferencing. - Fix error handling of broken JSON that led to crashes. * Skip RAPIDJSON_ASSERT as in Telegram or in upstream rLottie. Checksums-Sha1: 90439a3ddd185055a63859d560bfaf901475b0ff 2048 rlottie_0.1+dfsg-2.dsc 9502bc502f94386a08f445069b7ab05608f10cb5 16016 rlottie_0.1+dfsg-2.debian.tar.xz e3ab9f2041dd8f84697776e781352043ee0f0641 5581 rlottie_0.1+dfsg-2_source.buildinfo Checksums-Sha256: f1250aeedb0ce1224980eecf3977a60eef3dbffe4644d9803b33ff39efaa4fe6 2048 rlottie_0.1+dfsg-2.dsc 1d2d16ac3cc8b6566a898d9a05f97b5b55a5706af78fb94f8bfb96ea1f1bedf3 16016 rlottie_0.1+dfsg-2.debian.tar.xz e4f7ba6b8d91d8a7d2e26b21fc5cae50e6c54cc7348d1ef4616dfcdaef3ef1c1 5581 rlottie_0.1+dfsg-2_source.buildinfo Files: deac0fec5bc2662998190043227da0bb 2048 libs optional rlottie_0.1+dfsg-2.dsc b8dc772e1986433d5b161ffb6fc29904 16016 libs optional rlottie_0.1+dfsg-2.debian.tar.xz 6f52cfc803a5adc2af13b4a43a295c58 5581 libs optional rlottie_0.1+dfsg-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEErCXL1OhKV/yjM8ucSd94pekx4+EFAmC3RwYQHGd1cmlldi1u c0B5YS5ydQAKCRBJ33il6THj4blGD/90qWgkbTmdk++CY6XiRX9mGrmj0uagUF0H CUf1WWciTH+vzJcXskZQ8ix/yHbkI2UzTLTk69dfqDB0ChM7mt6Krkl1fA729FoR zBUWK9dRTq/bzdIkWKJnUscb31vhI6XrE2LnQawGAT/Ekwb/ZJ8u5U2aKwkZNcfA jxqc+xSu46YLpkDzSyQ77g8oyhwmknc6YT2cMa7fWxuN74EtQ3dtKHV92Kzfcmu7 EqRZGXAy+wtntZreS2uVQ6NGfJt4H732TIz8jXqC84/jd3ePy9hYd+N8MN8PBaAP nUtvG/IG8HuGfwWptqLz1Fpj2fxvQ75FekA2lhR7mgPnPntZhYjaxC6C/vS2LKDP MVaHQT4PW4h5TfiTY7+cW9L06W4zISIw03uwdS2jGiyKW8fvls1yYk5WLdXVR9+g 4qFgbBsLP1JhP7yM06OCzwxJox2XqOzDSpKz1cdT97dXTmL2seoO+x6RfxAHGdAT ZINIVUcImjW3LF0B98e/4Ad1wKFJJMu0H43dinef6QQN4GW54HwYYp8l7bitp9hr 9w+VOmLtd1QmRn9sfRvpNyLnH7Dw18ZhrlW/98vKTaQqaMo5ff12KslK+KQnEUj6 69by6umiV2zigHrqLUnXTLfRwuchLvlTcVlno1LKncYInbePAceO7OskItvCsLJQ uR6UruM7ew== =lGUJ -----END PGP SIGNATURE-----