Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted rlottie 0.1+dfsg-2+deb11u1 (source) into oldoldstable-security
Date: Mon, 09 Feb 2026 14:10:24 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Feb 2026 10:05:10 +0100
Source: rlottie
Architecture: source
Version: 0.1+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Nicholas Guriev <guriev-ns@ya.ru>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1109341
Changes:
 rlottie (0.1+dfsg-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2025-0634 (Closes: #1109341)
     CVE-2025-53074
     CVE-2025-53075
     Most patches to fix these issues are already part of:
       Fix-crash-on-invalid-data.patch
     The remaining boundary check is left in:
       CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch
     For the sake of completeness, the whole upstream patch
     for these CVEs is added in:
       CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org
Checksums-Sha1:
 997d9bee29778029336299420e001a35143db2cc 2214 rlottie_0.1+dfsg-2+deb11u1.dsc
 b5c6a1fbed15d57b45f8321aa2fd9fa10dd376f9 2899072 rlottie_0.1+dfsg.orig.tar.xz
 6b7b7fd27ea0ee7334c20bfa6059e2fbb7a30d84 17348 rlottie_0.1+dfsg-2+deb11u1.debian.tar.xz
 5a4a032030e901be2e01becf42bdb136b9d618ad 7979 rlottie_0.1+dfsg-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 a88224a45943c225c794f9f37dfe45c849b74a598bfd3ee0d26ac34c7f6974bd 2214 rlottie_0.1+dfsg-2+deb11u1.dsc
 23ef230681bfec7ed6f2d1e3918fed9456874392594297f9a5b70e0bc58a80eb 2899072 rlottie_0.1+dfsg.orig.tar.xz
 2cec7e96b0eb507504283475b1741f59de9cb1d5886c3229b9735b1e05237b49 17348 rlottie_0.1+dfsg-2+deb11u1.debian.tar.xz
 afebba65fe399e038a6fc30ee2ea1b16f51b8c28efdd8c82a12bdd5ca21ca81c 7979 rlottie_0.1+dfsg-2+deb11u1_amd64.buildinfo
Files:
 9c4d62d1739b62cbb14888512c0b122a 2214 libs optional rlottie_0.1+dfsg-2+deb11u1.dsc
 4a1a9402dd50e0f917b01b762c98a7c8 2899072 libs optional rlottie_0.1+dfsg.orig.tar.xz
 7a69b41024c2c112569937f67d45862f 17348 libs optional rlottie_0.1+dfsg-2+deb11u1.debian.tar.xz
 a82ac09226b953935b1f9f459f7d718d 7979 libs optional rlottie_0.1+dfsg-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmJ52hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR1eQEACNcunH8PS0n87DrLDgE4aFJ9bKm1Vf
xG/NhL+QFN8Qt7hbS+OIwjddM1llbdzjqLBCJ7ePxwit6VwccY9JBg6BM9fXGnrI
ylLXuJgJ2mEhiY8tF4kDXQN5rC+qFZ17U2RmZjRzgfqMB3cSGY/9axnxwSnuRewQ
GZHjrYQPZDU4hIqbFAN/tpLJCSIMeS3ZxYARbNvGuY5yee8UU5PV2IyfuahE6TWk
hpUYSe1XmgVNeDDA05Rml7cL6KQyIYJn6T6V/Hcy4nfrmmcUFbPrCS97uwg619CE
e+99ZxqX3p6jZxR+OQCf22YMYETD80MaRv9tngtRUcnk7HXyx0+HPLrQFaSk4l+a
m7x3gWx1nnFHIX1L0Si3wr7P2zPsb6K0pjIvFNdROrAzzX4DwakXkYbldqD5lmF5
87+ByBlrpOh0tF5AsPagozIOyDpJ0DhIC7Qje6NcUbaq8qh8VcTjtLMsEwRMRQJu
B0xdOZ0K4+1j/GbcqB56BZGeV+lq9E2J+PhdEXw8Y/IzVgzuSsXF3uBHH12qt/Vb
/nLZ8pfc6KyVI9JteuD4TG+0SDtBwH5ES+YFl2++lD71irQRvEw+EF7b+VyiH+1q
w5VQaRH793gNqHy/HlVe2GbZ7rklSSpu4M3RDsQ+5zMbGixDn/WcqY/a6b5PKJmo
Th/In+88f+9CTg==
=ioJ3
-----END PGP SIGNATURE-----

News for package rlottie