Summary: | <x11-libs/cairo-1.16.0-r3: invalid free in cairo_ft_apply_variations | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | x11 |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://seclists.org/oss-sec/2018/q4/205 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
x11-libs/cairo-1.16.0-r3
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 596756, 625636 |
Description
D'juan McDonald (domhnall)
2018-12-10 23:44:49 UTC
(In reply to Yury German from comment #1) > https://bugs.webkit.org/show_bug.cgi?id=191595 Fix is in 1.17.2 git tag --contains 6edf572ebb27b00d3c371ba5ae267e39d27d5b6d The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e27a74b58384414d920401521f7460a240ea37a commit 8e27a74b58384414d920401521f7460a240ea37a Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2019-03-30 02:00:30 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2019-03-30 02:03:47 +0000 x11-libs/cairo: Pull in a few fixes from upstream Bug: https://bugs.gentoo.org/672908 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-libs/cairo/cairo-1.16.0-r3.ebuild | 132 +++++++++++++++++++++ ...one_MM_Var-instead-of-free-when-available.patch | 30 +++++ .../files/cairo-1.16.0-pdf-add-missing-flush.patch | 29 +++++ 3 files changed, 191 insertions(+) Arches, please stabilize. (In reply to Matt Turner from comment #4) > Arches, please stabilize. Thanks, Matt! amd64 stable arm stable ppc/ppc64 stable x86 stable This issue was resolved and addressed in GLSA 201904-01 at https://security.gentoo.org/glsa/201904-01 by GLSA coordinator Aaron Bauman (b-man). re-opened for final arches and clean-up sparc stable hppa too ia64 stable s390 stable alpha stable arm64 stable tree is clean |