[Git][security-tracker-team/security-tracker][master] CVE-2018-19876/cairo: clarify when the problem was introduced
Emilio Pozuelo Monfort
pochu at debian.org
Wed Dec 12 12:16:01 GMT 2018
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8bd9447d by Emilio Pozuelo Monfort at 2018-12-12T12:15:43Z
CVE-2018-19876/cairo: clarify when the problem was introduced
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2172,6 +2172,11 @@ CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c,
[jessie] - cairo <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=191595
NOTE: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
+ NOTE: Code introduced in
+ NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/616fb7a9f2612f6cc3472542a70ba3e8ccf16584 and
+ NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/0fd0fd0ae9ad8cfb177bb844091de98c0235917e,
+ NOTE: and became vulnerable with freetype 2.9 which allows to define a different allocator. Partially
+ NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
CVE-2018-1002104
RESERVED
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bd9447d8d206cf17c284abf98604c6e8eb87302
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bd9447d8d206cf17c284abf98604c6e8eb87302
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181212/a3014a5b/attachment.html>
More information about the debian-security-tracker-commits
mailing list