Bug#915801: cairo: CVE-2018-19876
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 15 06:49:20 GMT 2019
On Thu, Mar 14, 2019 at 11:15:01PM +0100, Moritz Mühlenhoff wrote:
> On Thu, Dec 06, 2018 at 09:59:39PM +0100, Salvatore Bonaccorso wrote:
> > Source: cairo
> > Version: 1.16.0-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
> >
> > Hi,
> >
> > The following vulnerability was published for cairo.
> >
> > CVE-2018-19876[0]:
> > | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would
> > | free memory using a free function incompatible with WebKit's
> > | fastMalloc, leading to an application crash with a "free(): invalid
> > | pointer" error.
>
> Fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
Given the relevance in the affected versions in buster, should this be
fixed in time before the buster release?
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list