On Thu, Mar 14, 2019 at 11:15:01PM +0100, Moritz Mühlenhoff wrote:
> On Thu, Dec 06, 2018 at 09:59:39PM +0100, Salvatore Bonaccorso wrote:
> > Source: cairo
> > Version: 1.16.0-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
> >
> > Hi,
> >
> > The following vulnerability was published for cairo.
> >
> > CVE-2018-19876[0]:
> > | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would
> > | free memory using a free function incompatible with WebKit's
> > | fastMalloc, leading to an application crash with a "free(): invalid
> > | pointer" error.
>
> Fixed in
> https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645

Given the relevance in the affected versions in buster, should this be
fixed in time before the buster release?

Regards,
Salvatore