It affects only cairo embedded into Firefox. https://security-tracker.debian.org/tracker/CVE-2013-0800
"The description is misleading: Firefox embeds a copy of Cairo, the interdiff shows the respective change at mozilla-esr17/gfx/cairo/cairo/src/cairo-image-surface.c Apparently the forked copy has changed, the code isn't present in vanilla Cairo" Signed-off-by: Mikko Rapeli <[email protected]> --- meta/recipes-graphics/cairo/cairo_1.16.0.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 8663dec404..29088ab0d6 100644 --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -29,6 +29,9 @@ SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://CVE-2019-6462.patch \ " +# Affects only embedded cairo in Firefox +CVE_CHECK_WHITELIST += "CVE-2013-0800" + SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331" -- 2.20.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#146736): https://lists.openembedded.org/g/openembedded-core/message/146736 Mute This Topic: https://lists.openembedded.org/mt/79698844/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
