CVE-2018-18356: Use-after-free in Skia
Impact: high
Description: A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
References

CVE-2019-5785: Integer overflow in Skia
Impact: high
Description: An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
amd64 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81c8c0a4c54d61012d95a35c93caad42ec6681c3

commit 81c8c0a4c54d61012d95a35c93caad42ec6681c3
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-02-15 18:20:45 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-02-15 18:21:09 +0000

    www-client/firefox: security cleanup

    Bug: https://bugs.gentoo.org/677856
    Package-Manager: Portage-2.3.59, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                 | 185 --------
 www-client/firefox/firefox-60.5.0-r1.ebuild | 420 -----------------
 www-client/firefox/firefox-65.0-r1.ebuild   | 688 ----------------------------
 www-client/firefox/firefox-65.0.ebuild      | 666 ---------------------------
 4 files changed, 1959 deletions(-)
x86 stable
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201903-04 at https://security.gentoo.org/glsa/201903-04 by GLSA coordinator Aaron Bauman (b-man).