On 2019-06-03 21:37 +0200, Salvatore Bonaccorso wrote:
> Source: cairo
> Version: 1.16.0-4
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.freedesktop.org/cairo/cairo/issues/352
> Control: found -1 1.14.8-1
>
> Hi,
>
> The following vulnerability was published for cairo, filling for
> tracking.
>
> CVE-2019-6461[0]:
> | An issue was discovered in cairo 1.16.0. There is an assertion problem
> | in the function _cairo_arc_in_direction in the file cairo-arc.c.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-6461
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6461
> [1] https://gitlab.freedesktop.org/cairo/cairo/issues/352
This should be fixed in cairo 1.18.0-1, according to upstream commit
86d7025af513[1].
Cheers,
Sven
1.
https://gitlab.freedesktop.org/cairo/cairo/-/commit/86d7025af513ac012961cfc6fdee99249342b8e7
