[Git][security-tracker-team/security-tracker][master] Reserve DLA-4474-1 for rlottie

Thorsten Alteholz (@alteholz) alteholz at debian.org
Mon Feb 9 16:53:20 GMT 2026



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc07689c by Thorsten Alteholz at 2026-02-09T17:52:59+01:00
Reserve DLA-4474-1 for rlottie

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80357,14 +80357,12 @@ CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source r
 	- rlottie 0.1+dfsg-4.3 (bug #1109341)
 	[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
 	[bookworm] - rlottie 0.1+dfsg-4+deb12u1
-	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571
 	NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows ...)
 	- rlottie 0.1+dfsg-4.3 (bug #1109341)
 	[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
 	[bookworm] - rlottie 0.1+dfsg-4+deb12u1
-	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571
 	NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2025-46014 (Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 ...)
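
Review bot: The two removed `[bullseye] - rlottie <postponed> (Minor issue)` lines under CVE-2025-53075 and CVE-2025-53074 leave both entries with no bullseye annotation in data/CVE/list, so their bullseye status now depends entirely on the brace list of the new entry in data/DLA/list. Both IDs do appear there in this commit, but the commit message only says "Reserve DLA-4474-1 for rlottie"; a short mention that the postponed markers are dropped would make the change easier to trace later.
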
@@ -80395,7 +80393,6 @@ CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie allow
 	- rlottie 0.1+dfsg-4.3 (bug #1109341)
 	[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
 	[bookworm] - rlottie 0.1+dfsg-4+deb12u1
-	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571
 	NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2015-20112 (RLPx 5 has two CTR streams based on the same key, IV, and nonce. This  ...)
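
Review bot: The removed line under CVE-2025-0634 carried the triage reason "(Minor issue)" for a use-after-free, and nothing in this hunk or the commit message records why that assessment was revisited for bullseye. The remaining NOTE lines cite the same upstream pull request and commit as CVE-2025-53074 and CVE-2025-53075, so it is worth confirming that the bullseye backport includes the part of that commit that addresses this CVE, and saying so in a NOTE or in the commit message.
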


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Feb 2026] DLA-4474-1 rlottie - security update
+	{CVE-2025-0634 CVE-2025-53074 CVE-2025-53075}
+	[bullseye] - rlottie 0.1+dfsg-2+deb11u1
 [08 Feb 2026] DLA-4473-1 zabbix - security update
 	{CVE-2025-27234}
 	[bullseye] - zabbix 1:5.0.47+dfsg-0+deb11u1
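
Review bot: The new DLA-4474-1 entry already pins `[bullseye] - rlottie 0.1+dfsg-2+deb11u1` although the commit subject describes this as a reservation. If the version that is finally uploaded differs, the tracker would report the wrong fixed version for all three CVEs in the brace list, so the version string should be checked against the actual upload before the advisory is published.
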



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc07689c5253b1326744e95193bc0322ebddb1b9
