[Git][security-tracker-team/security-tracker][master] Add Debian bug references for rlottie issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 5 20:16:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56f1c77b by Salvatore Bonaccorso at 2026-06-05T21:15:12+02:00
Add Debian bug references for rlottie issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1130,7 +1130,7 @@ CVE-2026-49837
[bullseye] - gobgp <postponed> (Limited support)
NOTE: https://github.com/osrg/gobgp/security/advisories/GHSA-gjrg-jjr3-56cm
CVE-2026-8916 (Out-of-bounds write vulnerability in Samsung Open Source rlottie allow ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138916)
NOTE: https://github.com/Samsung/rlottie/pull/589
NOTE: https://github.com/Samsung/rlottie/commit/ffe60942892c3d68b14560761ea920d360ef51bb
CVE-2026-8762
@@ -1195,7 +1195,7 @@ CVE-2026-4104 (Authorization bypass through User-Controlled SQL primary key vuln
CVE-2026-49771 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-49510 (Integer overflow or wraparound vulnerability in Samsung Open Source rl ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138921)
NOTE: https://github.com/Samsung/rlottie/pull/592
CVE-2026-49204 (Leftover debug modules contain fixed credentials for internal AWS Cogn ...)
NOT-FOR-US: Acer
@@ -1234,18 +1234,18 @@ CVE-2026-47707 (Strawberry GraphQL is a library for creating GraphQL APIs. In ve
CVE-2026-47706 (Strawberry GraphQL is a library for creating GraphQL APIs. In versions ...)
NOT-FOR-US: Strawberry GraphQL
CVE-2026-47320 (Access of uninitialized pointer, Uncontrolled Recursion vulnerability ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138920)
NOTE: https://github.com/Samsung/rlottie/pull/593
CVE-2026-47319 (Memory allocation with excessive size value vulnerability in Samsung O ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138919)
NOTE: https://github.com/Samsung/rlottie/pull/588
NOTE: https://github.com/Samsung/rlottie/commit/5def9f402b1cb5b09f52655e414f0afba4ffd959
CVE-2026-47318 (Stack-based buffer overflow vulnerability in Samsung Open Source rlott ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138918)
NOTE: https://github.com/Samsung/rlottie/pull/582
NOTE: https://github.com/Samsung/rlottie/commit/9e4f354f6ebdf294738ef7abf1728f40889c2c51
CVE-2026-47306 (Uncontrolled Recursion vulnerability in Samsung Open Source rlottie al ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1138917)
NOTE: https://github.com/Samsung/rlottie/pull/585
NOTE: https://github.com/Samsung/rlottie/commit/1cda06022e53206c230fb0c6e38b2adaea729a5d
CVE-2026-45739 (Strawberry GraphQL is a library for creating GraphQL APIs. In versions ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56f1c77b7894d0c1e112a7b36838cf1fe4ff66e9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56f1c77b7894d0c1e112a7b36838cf1fe4ff66e9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260605/f0371eca/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list