Debian Package Tracker

general

source: cairo (source, libs)
version: 1.14.10-1
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Dave Beckett [DMD] – Sebastian Dröge [DMD] – Emilio Pozuelo Monfort [DMD] – Michael Biebl [DMD]
arch: all any
std-ver: 3.9.6
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.12.2-3
o-o-sec: 1.12.2-3+deb7u1
oldstable: 1.14.0-2.1+deb8u2
stable: 1.14.8-1
testing: 1.14.10-1
unstable: 1.14.10-1

versioned links

1.12.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.2-3+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.0-2.1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cairo-perf-utils
libcairo-gobject2
libcairo-script-interpreter2
libcairo2
libcairo2-dev
libcairo2-doc
libcairo2-udeb

action needed

2 security issues in sid

high

There are 2 open security issues in sid.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2017-08-11 01:20

2 security issues in buster

high

There are 2 open security issues in buster.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-06-18 Last update: 2017-08-11 01:20

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.0.0 instead of 3.9.6).

Created: 2016-03-23 Last update: 2017-07-02 13:00

Multiarch hinter reports 2 issue(s)

normal

There are issues with the multiarch metadata for this package.

libcairo2-doc could be marked Multi-Arch: foreign
libcairo2-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2017-08-19 19:31

5 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-08-19 19:04

lintian reports 17 warnings

normal

Lintian reports 17 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-03 Last update: 2016-09-13 06:45

3 ignored security issues in wheezy

low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2016-3190: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2016-03-18 Last update: 2017-08-11 01:20

2 ignored security issues in jessie

low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2017-08-11 01:20

2 ignored security issues in stretch

low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2017-08-11 01:20

news

[rss feed]

[2017-07-07] cairo 1.14.10-1 MIGRATED to testing (Debian testing watch)
[2017-07-02] Accepted cairo 1.14.10-1 (source) into unstable (Andreas Henriksson)
[2017-01-02] Accepted cairo 1.14.0-2.1+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-12-24] cairo 1.14.8-1 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted cairo 1.14.8-1 (source) into unstable (Emilio Pozuelo Monfort)
[2016-11-14] cairo 1.14.6-1.1 MIGRATED to testing (Debian testing watch)
[2016-11-04] Accepted cairo 1.14.6-1.1 (all source) into unstable (Salvatore Bonaccorso)
[2016-10-28] Accepted cairo 1.12.2-3+deb7u1 (source all amd64) into oldstable (Chris Lamb)
[2016-10-10] Accepted cairo 1.14.0-2.1+deb8u1~kbsd8u1 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-03-21] Accepted cairo 1.14.0-2.1+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2016-01-15] cairo 1.14.6-1 MIGRATED to testing (Debian testing watch)
[2016-01-09] Accepted cairo 1.14.6-1 (source) into unstable (Michael Biebl)
[2015-11-05] cairo 1.14.4-1 MIGRATED to testing (Britney)
[2015-10-30] Accepted cairo 1.14.4-1 (source) into unstable (Michael Biebl)
[2015-05-19] cairo 1.14.2-2 MIGRATED to testing (Britney)
[2015-05-14] Accepted cairo 1.14.2-2 (source amd64 all) into unstable (Michael Biebl)
[2015-04-20] Accepted cairo 1.8.10-6+build1 (source all amd64) into squeeze-lts (Raphaël Hertzog)
[2015-04-08] Accepted cairo 1.14.2-1 (source amd64 all) into experimental (Iain Lane)
[2014-11-03] cairo 1.14.0-2.1 MIGRATED to testing (Britney)
[2014-10-27] Accepted cairo 1.14.0-2.1 (source amd64 all) into unstable (Yaroslav Halchenko)
[2014-10-22] Accepted cairo 1.14.0-2 (source amd64 all) into unstable (Michael Biebl)
[2014-10-21] Accepted cairo 1.14.0-1 (source all amd64) into unstable (Michael Biebl)
[2014-09-12] cairo 1.12.16-5 MIGRATED to testing (Britney)
[2014-09-06] Accepted cairo 1.12.16-5 (source all amd64) into unstable (Emilio Pozuelo Monfort)
[2014-09-05] Accepted cairo 1.12.16-4 (source all amd64) into unstable (Emilio Pozuelo Monfort)
[2014-08-30] cairo 1.12.16-3 MIGRATED to testing (Britney)
[2014-08-24] Accepted cairo 1.12.16-3 (source all amd64) into unstable (Andreas Henriksson)
[2013-09-28] cairo 1.12.16-2 MIGRATED to testing (Debian testing watch)
[2013-09-17] Accepted cairo 1.12.16-2 (source all amd64) (Michael Biebl)
[2013-09-13] Accepted cairo 1.12.16-1 (source all amd64) (Michael Biebl)

bugs [bug history graph]

all: 53 56
RC: 0
I&N: 51 54
M&W: 2
F&P: 0

links

homepage
lintian (0, 17)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.14.10-1
33 bugs (2 patches)