cairo - Debian Package Tracker

general

source: cairo (main)
version: 1.16.0-5
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Jeremy Bicha [DMD] – Emilio Pozuelo Monfort [DMD] – Laurent Bigonville [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.14.8-1
o-o-sec: 1.14.8-1+deb9u1
oldstable: 1.16.0-4+deb10u1
stable: 1.16.0-5
testing: 1.16.0-5
unstable: 1.16.0-5

versioned links

1.14.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.8-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.0-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.16.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cairo-perf-utils (1 bugs: 0, 1, 0, 0)
libcairo-gobject2
libcairo-script-interpreter2
libcairo2 (42 bugs: 0, 42, 0, 0)
libcairo2-dev
libcairo2-doc
libcairo2-udeb

action needed

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Created: 2021-02-19 Last update: 2021-08-15 00:00

5 security issues in bookworm high

There are 5 open security issues in bookworm.

5 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Created: 2021-08-15 Last update: 2021-08-15 00:00

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2021-08-14 Last update: 2021-09-28 02:30

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 35882fadac42e801dda8f5b00affcc9acd764711
Author: Laurent Bigonville <bigon@debian.org>
Date:   Thu Apr 29 11:22:43 2021 +0200

    debian/control.in: Switch dependencies from libfreetype6-dev to libfreetype-dev

commit d01b4763dd5e9bf188611baedbda8b0b2a67a037
Author: Helmut Grohne <helmut@subdivi.de>
Date:   Mon Jan 25 06:42:14 2021 +0100

    Drop unused Build-Depends: libxsm-dev, xutils-dev, libxt-dev
    
    These appear to have been unused since 2006, when cairo switched to
    preferring pkg-config and xlib.pc as its way to find Xlib.
    
    Closes: #980992

Created: 2021-01-26 Last update: 2021-09-25 14:35

lintian reports 9 warnings normal

Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-06-25 10:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2021-08-18 14:03

No known security issue in buster wishlist

There are 5 open security issues in buster.

5 ignored issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Created: 2021-02-19 Last update: 2021-08-15 00:00

No known security issue in bullseye wishlist

There are 5 open security issues in bullseye.

5 ignored issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Created: 2021-08-14 Last update: 2021-08-15 00:00

news

[rss feed]

[2021-01-30] Accepted cairo 1.16.0-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-01-07] cairo 1.16.0-5 MIGRATED to testing (Debian testing watch)
[2021-01-05] Accepted cairo 1.14.8-1+deb9u1 (source amd64 all) into oldstable (Utkarsh Gupta)
[2021-01-01] Accepted cairo 1.16.0-5 (source) into unstable (Simon McVittie)
[2019-03-20] cairo 1.16.0-4 MIGRATED to testing (Debian testing watch)
[2019-03-15] Accepted cairo 1.16.0-4 (source) into unstable (Simon McVittie)
[2019-03-05] cairo 1.16.0-3 MIGRATED to testing (Debian testing watch)
[2019-02-22] Accepted cairo 1.16.0-3 (source) into unstable (Sebastien Bacher)
[2018-12-26] cairo 1.16.0-2 MIGRATED to testing (Debian testing watch)
[2018-12-23] Accepted cairo 1.16.0-2 (source) into unstable (Jeremy Bicha)
[2018-10-23] cairo 1.16.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-20] Accepted cairo 1.16.0-1 (source) into unstable (Jeremy Bicha)
[2018-08-26] cairo 1.15.12-1 MIGRATED to testing (Debian testing watch)
[2018-08-24] Accepted cairo 1.15.12-1 (source) into unstable (Jeremy Bicha)
[2018-04-24] cairo 1.15.10-3 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cairo 1.15.10-3 (source) into unstable (Emilio Pozuelo Monfort)
[2018-02-25] Accepted cairo 1.15.10-2 (source) into unstable (Jeremy Bicha)
[2018-02-08] cairo 1.15.10-1 MIGRATED to testing (Debian testing watch)
[2018-02-02] Accepted cairo 1.15.10-1 (source) into unstable (Jeremy Bicha)
[2017-12-27] cairo 1.15.8-3 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted cairo 1.15.8-3 (source) into unstable (Jeremy Bicha)
[2017-10-30] cairo 1.15.8-2 MIGRATED to testing (Debian testing watch)
[2017-10-25] Accepted cairo 1.15.8-2 (source amd64 all) into unstable (Laurent Bigonville)
[2017-10-17] Accepted cairo 1.15.8-1 (source amd64 all) into experimental (Laurent Bigonville)
[2017-07-07] cairo 1.14.10-1 MIGRATED to testing (Debian testing watch)
[2017-07-02] Accepted cairo 1.14.10-1 (source) into unstable (Andreas Henriksson)
[2017-01-02] Accepted cairo 1.14.0-2.1+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-12-24] cairo 1.14.8-1 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted cairo 1.14.8-1 (source) into unstable (Emilio Pozuelo Monfort)
[2016-11-14] cairo 1.14.6-1.1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 55 57
RC: 0
I&N: 51 53
M&W: 3
F&P: 1
patch: 4

links

homepage
lintian (0, 9)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.16.0-5ubuntu1
26 bugs (2 patches)
patches for 1.16.0-5ubuntu1