Bug#868580: closed by Simon McVittie <smcv at debian.org> (Re: Bug#868580: cairo: CVE-2017-9814)
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 28 21:07:26 BST 2021
Hi Simon,
> Version: 1.16.0-1
>
> On Sun, 16 Jul 2017 at 22:52:11 +0200, Salvatore Bonaccorso wrote:
> > CVE-2017-9814[0]:
> > | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote
> > | attackers to cause a denial of service (out-of-bounds read) because of
> > | mishandling of an unexpected malloc(0) call.
>
> This appears to have been fixed in 1.15.14, which means it's fixed in
> buster and bullseye.
I cannot check right now, but is this correct? The upstream issue
https://gitlab.freedesktop.org/cairo/cairo/-/issues/264 seems to have
been closed only very recently a few weeks ago, or where those only
additional followups?
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list