Debian Package Tracker
Register | Log in
Subscribe

cairo

Choose email to subscribe with

general
  • source: cairo (main)
  • version: 1.16.0-6
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Michael Biebl [DMD] – Laurent Bigonville [DMD] – Emilio Pozuelo Monfort [DMD] – Iain Lane [DMD]
  • arch: all any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.14.8-1
  • o-o-sec: 1.14.8-1+deb9u1
  • oldstable: 1.16.0-4+deb10u1
  • stable: 1.16.0-5
  • testing: 1.16.0-6
  • unstable: 1.16.0-6
versioned links
  • 1.14.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.14.8-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.0-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • cairo-perf-utils (1 bugs: 0, 1, 0, 0)
  • libcairo-gobject2
  • libcairo-script-interpreter2
  • libcairo2 (44 bugs: 0, 43, 1, 0)
  • libcairo2-dev (1 bugs: 0, 1, 0, 0)
  • libcairo2-doc
  • libcairo2-udeb
action needed
4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:
  • CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
  • CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
  • CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
  • CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
Created: 2022-07-04 Last update: 2022-08-01 13:40
4 security issues in bookworm high

There are 4 open security issues in bookworm.

4 important issues:
  • CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
  • CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
  • CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
  • CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
Created: 2022-07-04 Last update: 2022-08-01 13:40
lintian reports 12 errors and 17 warnings high
Lintian reports 12 errors and 17 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-01-27 Last update: 2022-07-30 12:12
3 bugs tagged patch in the BTS normal
The BTS contains patches fixing 3 bugs, consider including or untagging them.
Created: 2022-07-27 Last update: 2022-08-16 06:00
1 new commit since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 05d2f398aaee7b12d43289410a071a3d2bd79653
Author: Simon McVittie <smcv@debian.org>
Date:   Wed Jul 13 14:16:30 2022 +0100

    d/gbp.conf: Use upstream/1.16.x branch for upstream releases
    
    This lets us import 1.17.x snapshots into upstream/latest.
Created: 2021-01-26 Last update: 2022-08-11 18:35
No known security issue in bullseye wishlist

There are 4 open security issues in bullseye.

4 ignored issues:
  • CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
  • CVE-2019-6461: An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
  • CVE-2019-6462: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
  • CVE-2018-18064: cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
Created: 2022-07-04 Last update: 2022-08-01 13:40
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2021-08-18 Last update: 2022-07-13 19:38
news
[rss feed]
  • [2022-07-18] cairo 1.16.0-6 MIGRATED to testing (Debian testing watch)
  • [2022-07-13] Accepted cairo 1.16.0-6 (source) into unstable (Simon McVittie)
  • [2021-01-30] Accepted cairo 1.16.0-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-01-07] cairo 1.16.0-5 MIGRATED to testing (Debian testing watch)
  • [2021-01-05] Accepted cairo 1.14.8-1+deb9u1 (source amd64 all) into oldstable (Utkarsh Gupta)
  • [2021-01-01] Accepted cairo 1.16.0-5 (source) into unstable (Simon McVittie)
  • [2019-03-20] cairo 1.16.0-4 MIGRATED to testing (Debian testing watch)
  • [2019-03-15] Accepted cairo 1.16.0-4 (source) into unstable (Simon McVittie)
  • [2019-03-05] cairo 1.16.0-3 MIGRATED to testing (Debian testing watch)
  • [2019-02-22] Accepted cairo 1.16.0-3 (source) into unstable (Sebastien Bacher)
  • [2018-12-26] cairo 1.16.0-2 MIGRATED to testing (Debian testing watch)
  • [2018-12-23] Accepted cairo 1.16.0-2 (source) into unstable (Jeremy Bicha)
  • [2018-10-23] cairo 1.16.0-1 MIGRATED to testing (Debian testing watch)
  • [2018-10-20] Accepted cairo 1.16.0-1 (source) into unstable (Jeremy Bicha)
  • [2018-08-26] cairo 1.15.12-1 MIGRATED to testing (Debian testing watch)
  • [2018-08-24] Accepted cairo 1.15.12-1 (source) into unstable (Jeremy Bicha)
  • [2018-04-24] cairo 1.15.10-3 MIGRATED to testing (Debian testing watch)
  • [2018-04-18] Accepted cairo 1.15.10-3 (source) into unstable (Emilio Pozuelo Monfort)
  • [2018-02-25] Accepted cairo 1.15.10-2 (source) into unstable (Jeremy Bicha)
  • [2018-02-08] cairo 1.15.10-1 MIGRATED to testing (Debian testing watch)
  • [2018-02-02] Accepted cairo 1.15.10-1 (source) into unstable (Jeremy Bicha)
  • [2017-12-27] cairo 1.15.8-3 MIGRATED to testing (Debian testing watch)
  • [2017-12-21] Accepted cairo 1.15.8-3 (source) into unstable (Jeremy Bicha)
  • [2017-10-30] cairo 1.15.8-2 MIGRATED to testing (Debian testing watch)
  • [2017-10-25] Accepted cairo 1.15.8-2 (source amd64 all) into unstable (Laurent Bigonville)
  • [2017-10-17] Accepted cairo 1.15.8-1 (source amd64 all) into experimental (Laurent Bigonville)
  • [2017-07-07] cairo 1.14.10-1 MIGRATED to testing (Debian testing watch)
  • [2017-07-02] Accepted cairo 1.14.10-1 (source) into unstable (Andreas Henriksson)
  • [2017-01-02] Accepted cairo 1.14.0-2.1+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
  • [2016-12-24] cairo 1.14.8-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 56 58
  • RC: 0
  • I&N: 51 53
  • M&W: 5
  • F&P: 0
  • patch: 3
links
  • homepage
  • lintian (12, 17)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.16.0-5ubuntu2
  • 27 bugs (2 patches)
  • patches for 1.16.0-5ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing