Your message dated Wed, 02 Jun 2021 09:18:55 +0000
with message-id <e1lon1b-0001fa...@fasolo.debian.org>
and subject line Bug#988885: fixed in rlottie 0.1+dfsg-2
has caused the Debian Bug report #988885,
regarding CVE-2021-31323 CVE-2021-31322 CVE-2021-31321 CVE-2021-31320 
CVE-2021-31319 CVE-2021-31318 CVE-2021-31317 CVE-2021-31315
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rlottie
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

CVE-2021-31323:
https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/

CVE-2021-31322:
https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/

CVE-2021-31321:
https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/

CVE-2021-31320:
https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/

CVE-2021-31319:
https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/

CVE-2021-31318:
https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/

CVE-2021-31317:
https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/

CVE-2021-31315:
https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/

Cheers,
         Moritz

--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-2
Done: Nicholas Guriev <guriev...@ya.ru>

We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicholas Guriev <guriev...@ya.ru> (supplier of updated rlottie package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Jun 2021 09:23:26 +0300
Source: rlottie
Built-For-Profiles: noudeb
Architecture: source
Version: 0.1+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Guriev <guriev...@ya.ru>
Changed-By: Nicholas Guriev <guriev...@ya.ru>
Closes: 974095 984323 988885
Changes:
 rlottie (0.1+dfsg-2) unstable; urgency=medium
 .
   * Update patches.
     - Sync patches with John Preston's fork.
       + New Freetype-raster.patch for fix CVE-2021-31321. (Closes: #988885)
       + New Fortify-lottie-parser.patch for fix crashes on invalid input.
     - New Extend-mDash-array.patch for fix CVE-2021-31317. (Closes: #988885)
     - New Include-limits-header.patch for fix build with the latest GCC.
       (Closes: #984323)
     - New Zero-corrupt-point.patch for fix crash on inappropriate shape.
       (Closes: #974095)
     - New Avoid-nullptr-in-solidColor.patch fixes null pointer dereferencing.
     - Fix error handling of broken JSON that led to crashes.
   * Skip RAPIDJSON_ASSERT as in Telegram or in upstream rLottie.
Checksums-Sha1:
 90439a3ddd185055a63859d560bfaf901475b0ff 2048 rlottie_0.1+dfsg-2.dsc
 9502bc502f94386a08f445069b7ab05608f10cb5 16016 rlottie_0.1+dfsg-2.debian.tar.xz
 e3ab9f2041dd8f84697776e781352043ee0f0641 5581 rlottie_0.1+dfsg-2_source.buildinfo
Checksums-Sha256:
 f1250aeedb0ce1224980eecf3977a60eef3dbffe4644d9803b33ff39efaa4fe6 2048 rlottie_0.1+dfsg-2.dsc
 1d2d16ac3cc8b6566a898d9a05f97b5b55a5706af78fb94f8bfb96ea1f1bedf3 16016 rlottie_0.1+dfsg-2.debian.tar.xz
 e4f7ba6b8d91d8a7d2e26b21fc5cae50e6c54cc7348d1ef4616dfcdaef3ef1c1 5581 rlottie_0.1+dfsg-2_source.buildinfo
Files:
 deac0fec5bc2662998190043227da0bb 2048 libs optional rlottie_0.1+dfsg-2.dsc
 b8dc772e1986433d5b161ffb6fc29904 16016 libs optional rlottie_0.1+dfsg-2.debian.tar.xz
 6f52cfc803a5adc2af13b4a43a295c58 5581 libs optional rlottie_0.1+dfsg-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
