[Git][security-tracker-team/security-tracker][master] Add new rlottie issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d06cb34f by Salvatore Bonaccorso at 2026-06-05T00:02:53+02:00
Add new rlottie issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,8 @@ CVE-2026-4104 (Authorization bypass through User-Controlled SQL primary key vuln
 CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open Source rl ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://github.com/Samsung/rlottie/pull/592
 CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal AWS Cogn ...)
 	NOT-FOR-US: Acer
 CVE-2026-49203 (Crucial management API endpoints for cellular eSIM allocation do not v ...)
@@ -105,13 +106,20 @@ CVE-2026-47707 (Strawberry GraphQL is a library for creating GraphQL APIs. In ve
 CVE-2026-47706 (Strawberry GraphQL is a library for creating GraphQL APIs. In versions ...)
 	NOT-FOR-US: Strawberry GraphQL
 CVE-2026-47320 (Access of uninitialized pointer, Uncontrolled Recursion vulnerability  ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://github.com/Samsung/rlottie/pull/593
 CVE-2026-47319 (Memory allocation with excessive size value vulnerability in Samsung O ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://github.com/Samsung/rlottie/pull/588
+	NOTE: https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
 CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open Source rlott ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://github.com/Samsung/rlottie/pull/582
+	NOTE: https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
 CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source rlottie al ...)
-	TODO: check
+	- rlottie <unfixed>
+	NOTE: https://github.com/Samsung/rlottie/pull/585
+	NOTE: https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
 CVE-2026-45739 (Strawberry GraphQL is a library for creating GraphQL APIs. In versions ...)
 	NOT-FOR-US: Strawberry GraphQL
 CVE-2026-45433 (This vulnerability exists in GX Earth 2022 ONT models due to the prese ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d06cb34fc33b621b3bf85c1e3f3e43f789ae19d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d06cb34fc33b621b3bf85c1e3f3e43f789ae19d1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260604/bc17943a/attachment.htm>