cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, frees memory using the wrong free function, leading to memory corruption. Because cairo is used by WebKitGTK+, WPE WebKit, and the WinCairo port of WebKit, this issue can be triggered by web content.
reference: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
@maintainer(s): Patch available, see reference.
Gentoo Security Padawan (domhnall)
https://bugs.webkit.org/show_bug.cgi?id=191595
(In reply to Yury German from comment #1)
> https://bugs.webkit.org/show_bug.cgi?id=191595
Fix is in 1.17.2
git tag --contains 6edf572ebb27b00d3c371ba5ae267e39d27d5b6d
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e27a74b58384414d920401521f7460a240ea37a
commit 8e27a74b58384414d920401521f7460a240ea37a
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2019-03-30 02:00:30 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2019-03-30 02:03:47 +0000
    x11-libs/cairo: Pull in a few fixes from upstream
    Bug: https://bugs.gentoo.org/672908
    Signed-off-by: Matt Turner <mattst88@gentoo.org>
 x11-libs/cairo/cairo-1.16.0-r3.ebuild | 132 +++++++++++++++++++++
 ...one_MM_Var-instead-of-free-when-available.patch | 30 +++++
 .../files/cairo-1.16.0-pdf-add-missing-flush.patch | 29 +++++
 3 files changed, 191 insertions(+)
Arches, please stabilize.
(In reply to Matt Turner from comment #4)
> Arches, please stabilize.
Thanks, Matt!
amd64 stable
arm stable
ppc/ppc64 stable
x86 stable
This issue was resolved and addressed in GLSA 201904-01 at https://security.gentoo.org/glsa/201904-01 by GLSA coordinator Aaron Bauman (b-man).
re-opened for final arches and clean-up
sparc stable
hppa too
ia64 stable
s390 stable
alpha stable
arm64 stable
tree is clean