[Git][security-tracker-team/security-tracker][master] CVE-2018-19876/cairo: clarify when the problem was introduced

Wed, 12 Dec 2018 04:17:09 -0800 

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bd9447d by Emilio Pozuelo Monfort at 2018-12-12T12:15:43Z
CVE-2018-19876/cairo: clarify when the problem was introduced

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2172,6 +2172,11 @@ CVE-2018-19876 (cairo 1.16.0, in 
cairo_ft_apply_variations() in cairo-ft-font.c,
        [jessie] - cairo <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=191595
        NOTE: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
+       NOTE: Code introduced in
+       NOTE: 
https://gitlab.freedesktop.org/cairo/cairo/commit/616fb7a9f2612f6cc3472542a70ba3e8ccf16584
 and
+       NOTE: 
https://gitlab.freedesktop.org/cairo/cairo/commit/0fd0fd0ae9ad8cfb177bb844091de98c0235917e,
+       NOTE: and became vulnerable with freetype 2.9 which allows to define a 
different allocator. Partially
+       NOTE: fixed in 
https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
 CVE-2018-1002104
        RESERVED
 CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the 
Kubernetes ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bd9447d8d206cf17c284abf98604c6e8eb87302

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bd9447d8d206cf17c284abf98604c6e8eb87302
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to