Sign me up Login

Details about package rlottie

Name: rlottie (PTS)
Uploader: Nicholas Guriev <guriev-ns@ya.ru> (Debian QA page)
Description: librlottie0-1 - library for rendering vector based animations and art
librlottie-dev - library for rendering vector based animations and art (development headers)

Package uploads

Upload #1

Information

Version: 0.1+dfsg-2+deb11u2
Uploaded: 2026-07-09 16:22
Source package: rlottie_0.1+dfsg-2+deb11u2.dsc
Distribution: bullseye-security
Section: libs
Priority: optional
Homepage: https://github.com/Samsung/rlottie
Vcs-Git: https://salsa.debian.org/debian/rlottie.git
Vcs-Browser: https://salsa.debian.org/debian/rlottie
Closes bugs: #994614 #1138916 #1138917 #1138918 #1138919 #1138920 #1139179

Changelog

 rlottie (0.1+dfsg-2+deb11u2) bullseye-security; urgency=medium
 .
   * Apply fixes and improve stability.
   * Backported patches:
     - Atomic-render.patch
     - Avoid-assertion-failures.patch (closes: #1138916, fixes: CVE-2026-8916)
     - Check-empty-frames.patch
     - Finite-loop-in-VBezier-tAtLength.patch
     - Fix-heap-buffer-overflow-from-short-truncation.patch
     - Fixed-signed-shift-issue.patch (closes: #1139179, fixes: CVE-2026-10305)
     - Fixed-vpath-potential-issue.patch (closes: #1138919, fixes: CVE-2026-47319)
     - Ignore-unspecified-type.patch
     - Init-keyframe.patch
     - Limit-recursion-in-LOTLayerItem.patch (closes: #1138920, fixes: CVE-2026-47320)
     - No-cyclic-structures.patch (closes: #1138917, fixes: CVE-2026-47306)
     - No-deadlock.patch
     - Positive-points.patch
     - Reject-reversed-frames.patch
     - Stop-VBezier-length-overflow.patch
   * Amended patches:
     - Check-buffer-length.patch
     - Fortify-FreeType-raster.patch (closes: #1138918, fixes: CVE-2026-47318)
   * Replace Zero-corrupt-point.patch with Empty-animation-data.patch based on
     Subhransu Mohanty's commit (closes: #994614).

QA information

Comments

No comments