cairo - Debian Package Tracker

general

source: cairo (main)
version: 1.18.4-3
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Laurent Bigonville [DMD] – Emilio Pozuelo Monfort [DMD] – Jeremy Bícha [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.16.0-5
oldstable: 1.16.0-7
stable: 1.18.4-1
testing: 1.18.4-3
unstable: 1.18.4-3

versioned links

1.16.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.0-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcairo-gobject2
libcairo-script-interpreter2
libcairo2 (39 bugs: 0, 38, 1, 0)
libcairo2-dev (2 bugs: 0, 2, 0, 0)
libcairo2-doc
libcairo2-udeb

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2025-50422: Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

Created: 2022-07-04 Last update: 2026-01-08 05:01

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2025-50422: Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

Created: 2025-08-09 Last update: 2026-01-08 05:01

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-02-24 23:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-02-23 Last update: 2026-02-24 20:02

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-08-19 06:28

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-50422: (needs triaging) Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Created: 2023-06-11 Last update: 2026-01-08 05:01

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-50422: (needs triaging) Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

You can find information about how to handle this issue in the security team's documentation.

3 ignored issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Created: 2023-06-10 Last update: 2026-01-08 05:01

news

[rss feed]

[2026-01-08] cairo 1.18.4-3 MIGRATED to testing (Debian testing watch)
[2026-01-02] Accepted cairo 1.18.4-3 (source) into unstable (Jeremy Bícha)
[2025-12-26] Accepted cairo 1.18.4-2 (source) into unstable (Jeremy Bícha)
[2025-03-19] cairo 1.18.4-1 MIGRATED to testing (Debian testing watch)
[2025-03-13] Accepted cairo 1.18.4-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-09-27] cairo 1.18.2-2 MIGRATED to testing (Debian testing watch)
[2024-09-24] Accepted cairo 1.18.2-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-09-10] cairo 1.18.2-1 MIGRATED to testing (Debian testing watch)
[2024-09-04] Accepted cairo 1.18.2-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-05-05] cairo 1.18.0-3 MIGRATED to testing (Debian testing watch)
[2024-05-05] cairo 1.18.0-3 MIGRATED to testing (Debian testing watch)
[2024-03-23] Accepted cairo 1.18.0-3 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2024-03-08] Accepted cairo 1.18.0-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2023-09-29] cairo 1.18.0-1 MIGRATED to testing (Debian testing watch)
[2023-09-23] Accepted cairo 1.18.0-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2023-09-11] cairo 1.17.8-3 MIGRATED to testing (Debian testing watch)
[2023-09-06] Accepted cairo 1.17.8-3 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
[2023-07-02] Accepted cairo 1.17.8-2 (source) into experimental (Jeremy Bícha) (signed by: Jeremy Bicha)
[2023-07-01] Accepted cairo 1.17.8-1 (source) into experimental (Jeremy Bícha) (signed by: Jeremy Bicha)
[2022-12-15] cairo 1.16.0-7 MIGRATED to testing (Debian testing watch)
[2022-12-15] cairo 1.16.0-7 MIGRATED to testing (Debian testing watch)
[2022-12-09] Accepted cairo 1.16.0-7 (source) into unstable (Jeremy Bicha)
[2022-07-18] cairo 1.16.0-6 MIGRATED to testing (Debian testing watch)
[2022-07-13] Accepted cairo 1.16.0-6 (source) into unstable (Simon McVittie)
[2021-01-30] Accepted cairo 1.16.0-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-01-07] cairo 1.16.0-5 MIGRATED to testing (Debian testing watch)
[2021-01-05] Accepted cairo 1.14.8-1+deb9u1 (source amd64 all) into oldstable (Utkarsh Gupta)
[2021-01-01] Accepted cairo 1.16.0-5 (source) into unstable (Simon McVittie)
[2019-03-20] cairo 1.16.0-4 MIGRATED to testing (Debian testing watch)
[2019-03-15] Accepted cairo 1.16.0-4 (source) into unstable (Simon McVittie)

bugs [bug history graph]

all: 50 51
RC: 0
I&N: 47 48
M&W: 3
F&P: 0
patch: 3

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.18.4-3
26 bugs (2 patches)