Debian Package Tracker

general

source: cairo (main)
version: 1.15.10-3
maintainer: Debian GNOME Maintainers (archive) [DMD]
uploaders: Michael Biebl [DMD] – Jeremy Bicha [DMD] – Emilio Pozuelo Monfort [DMD] – Iain Lane [DMD] – Laurent Bigonville [DMD]
arch: all any
std-ver: 4.1.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.12.2-3
o-o-sec: 1.12.2-3+deb7u1
oldstable: 1.14.0-2.1+deb8u2
stable: 1.14.8-1
testing: 1.15.10-3
unstable: 1.15.10-3

versioned links

1.12.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.2-3+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.0-2.1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.10-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cairo-perf-utils
libcairo-gobject2
libcairo-script-interpreter2
libcairo2
libcairo2-dev
libcairo2-doc
libcairo2-udeb

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2018-04-24 08:03

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-06-18 Last update: 2018-04-24 08:03

lintian reports 2 errors and 16 warnings high

Lintian reports 2 errors and 16 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-11 Last update: 2018-04-19 07:57

5 bugs tagged patch in the BTS normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-05-25 19:20

A new version is available in the VCS, consider uploading it. normal

vcswatch reports that this package has a new version ready in the VCS. You should consider uploading into the archive.

Created: 2018-04-24 Last update: 2018-04-24 20:20

3 ignored security issues in wheezy low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2016-3190: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2016-03-18 Last update: 2018-04-24 08:03

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2018-04-24 08:03

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-7475: Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-9814: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Please fix them.

Created: 2017-04-29 Last update: 2018-04-24 08:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.2).

Created: 2018-02-03 Last update: 2018-04-19 01:44

news

[rss feed]

[2018-04-24] cairo 1.15.10-3 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cairo 1.15.10-3 (source) into unstable (Emilio Pozuelo Monfort)
[2018-02-25] Accepted cairo 1.15.10-2 (source) into unstable (Jeremy Bicha)
[2018-02-08] cairo 1.15.10-1 MIGRATED to testing (Debian testing watch)
[2018-02-02] Accepted cairo 1.15.10-1 (source) into unstable (Jeremy Bicha)
[2017-12-27] cairo 1.15.8-3 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted cairo 1.15.8-3 (source) into unstable (Jeremy Bicha)
[2017-10-30] cairo 1.15.8-2 MIGRATED to testing (Debian testing watch)
[2017-10-25] Accepted cairo 1.15.8-2 (source amd64 all) into unstable (Laurent Bigonville)
[2017-10-17] Accepted cairo 1.15.8-1 (source amd64 all) into experimental (Laurent Bigonville)
[2017-07-07] cairo 1.14.10-1 MIGRATED to testing (Debian testing watch)
[2017-07-02] Accepted cairo 1.14.10-1 (source) into unstable (Andreas Henriksson)
[2017-01-02] Accepted cairo 1.14.0-2.1+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-12-24] cairo 1.14.8-1 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted cairo 1.14.8-1 (source) into unstable (Emilio Pozuelo Monfort)
[2016-11-14] cairo 1.14.6-1.1 MIGRATED to testing (Debian testing watch)
[2016-11-04] Accepted cairo 1.14.6-1.1 (all source) into unstable (Salvatore Bonaccorso)
[2016-10-28] Accepted cairo 1.12.2-3+deb7u1 (source all amd64) into oldstable (Chris Lamb)
[2016-10-10] Accepted cairo 1.14.0-2.1+deb8u1~kbsd8u1 (source all) into stable-kfreebsd-proposed-updates (Steven Chamberlain)
[2016-03-21] Accepted cairo 1.14.0-2.1+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2016-01-15] cairo 1.14.6-1 MIGRATED to testing (Debian testing watch)
[2016-01-09] Accepted cairo 1.14.6-1 (source) into unstable (Michael Biebl)
[2015-11-05] cairo 1.14.4-1 MIGRATED to testing (Britney)
[2015-10-30] Accepted cairo 1.14.4-1 (source) into unstable (Michael Biebl)
[2015-05-19] cairo 1.14.2-2 MIGRATED to testing (Britney)
[2015-05-14] Accepted cairo 1.14.2-2 (source amd64 all) into unstable (Michael Biebl)
[2015-04-20] Accepted cairo 1.8.10-6+build1 (source all amd64) into squeeze-lts (Raphaël Hertzog)
[2015-04-08] Accepted cairo 1.14.2-1 (source amd64 all) into experimental (Iain Lane)
[2014-11-03] cairo 1.14.0-2.1 MIGRATED to testing (Britney)
[2014-10-27] Accepted cairo 1.14.0-2.1 (source amd64 all) into unstable (Yaroslav Halchenko)

bugs [bug history graph]

all: 53 56
RC: 0
I&N: 51 54
M&W: 2
F&P: 0

links

homepage
lintian (2, 16)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.15.10-3
32 bugs (2 patches)