Simon, On Tue, Sep 28, 2021 at 09:47:31PM +0100, Simon McVittie wrote: > On Tue, 28 Sep 2021 at 22:07:26 +0200, Salvatore Bonaccorso wrote: > > > This appears to have been fixed in 1.15.14, which means it's fixed in > > > buster and bullseye. > > > > I cannot check right now, but is this correct? The upstream issue > > https://gitlab.freedesktop.org/cairo/cairo/-/issues/264 seems to have > > been closed only very recently a few weeks ago, or where those only > > additional followups? > > Those were additional followups, as far as I can tell. If they fixed > additional security issues in the same pattern, then those additional > security issues would need a separate CVE.
Ack, thank you. Updated the security-tracker earlier then with the fixed version. Regards, Salvatore
