| Summary: | <x11-libs/cairo-1.18.0: Multiple vulnerabilities (CVE-2019-{6461,6462}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | pavol.cupka |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 916771 | | |
| Bug Blocks: | | | |

Description
GLSAMaker/CVETool Bot
2020-04-17 01:20:46 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> function _arc_error_normalized in the file cairo-arc.c, related to
> _arc_max_angle_for_tolerance_normalized.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/353

> CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
> An issue was discovered in cairo 1.16.0. There is an assertion problem in
> the function _cairo_arc_in_direction in the file cairo-arc.c.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/352

Still no movement upstream

(In reply to John Helmert III from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> > An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> > function _arc_error_normalized in the file cairo-arc.c, related to
> > _arc_max_angle_for_tolerance_normalized.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/353
>

This one is fixed now (not yet in a release, but merged): https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155.

Other isn't.

(In reply to Sam James from comment #2)
> (In reply to John Helmert III from comment #1)
> > (In reply to GLSAMaker/CVETool Bot from comment #0)
> > > CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> > > An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> > > function _arc_error_normalized in the file cairo-arc.c, related to
> > > _arc_max_angle_for_tolerance_normalized.
> >
> > https://gitlab.freedesktop.org/cairo/cairo/-/issues/353
> >
>
> This one is fixed now (not yet in a release, but merged):
> https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155.

Released in 1.17.6.

(In reply to John Helmert III from comment #1)
> > CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
> > An issue was discovered in cairo 1.16.0. There is an assertion problem in
> > the function _cairo_arc_in_direction in the file cairo-arc.c.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/352

Fixed in 1.18.0.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1706f49e1fd8c1605c4af96774563e3da549fd4

commit a1706f49e1fd8c1605c4af96774563e3da549fd4
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-12-02 16:22:03 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-12-02 16:22:05 +0000

    x11-libs/cairo: Drop old versions

    Bug: https://bugs.gentoo.org/717778
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-libs/cairo/Manifest                            |   1 -
 x11-libs/cairo/cairo-1.17.8.ebuild                 | 100 -------------------
 .../1.17.8-tee-Fix-cairo-wrapper-functions.patch   | 109 ---------------------
 3 files changed, 210 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0897de043b952b959cced19df113deece9669a85

commit 0897de043b952b959cced19df113deece9669a85
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-07 11:19:32 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-07 11:19:41 +0000

    [ GLSA 202408-09 ] Cairo: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/717778
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-09.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)