[SECURITY] [DLA 688-1] cairo security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 688-1] cairo security update
From: Chris Lamb <lamby@debian.org>
Date: Fri, 28 Oct 2016 20:28:55 +0100
Message-id: <[🔎] 1477682935.231401.770603625.70DACC8E@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cairo
Version        : 1.12.2-3+deb7u1
CVE ID         : CVE-2016-9082
Debian Bug     : #842289

It was discovered that there was a possible DoS attack in Cairo, a
multi-platform library providing vector-based rendering. An SVG could
generate invalid pointers from a _cairo_image_surface in write_png.

For Debian 7 "Wheezy", this issue has been fixed in cairo version
1.12.2-3+deb7u1.

We recommend that you upgrade your cairo packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYE6bqAAoJEB6VPifUMR5Y+5oP/2ezQVJZN+FOC3eM5LARKJES
kEZCuASr2nGuregpTgRjLr4LWtbF2MH2ISlzi4L1uw/IIljS43xC1Y+htPR09NME
SsbC8qL+3J/qUpNOBqF9+NnTVVhuAiwBvV2JFiXxNCX/V2TFe/tDz0MPp8f7YenF
1WQy4Bm7/29BekYmSwnED+KM+B60c7JbsQMpS1VnJ39/DM0r3Euoen4BCHKwQ6ph
2qRbhW65+IARGheT8gSW8WZSnfM/788zZzqJJ+bydaYz/C9C1zA1Cgc7Z32mr9SP
/GKybQHbl3KGzHrzGxxjLuJelBjIi/BGtc0mTzZfqQKTNku4gq1F+0PmmWHV5FTJ
Rb17mmJZ3F/HHVeyBR1N2s1jVzL8SltdfbuFO13WsCbd1PAT072R6sfBZ9zvl0KJ
gZcJQLUwWU8G+AgsksZjEJZbyPAEGped2t7kEx7mu+792FTrqOXEJsfsRm24yko2
vny7ksaytZvT/T8H+PibZ0XLynsKpJLutg+6bHDmzaQuSlS94aOcGCQtxwqUARr3
2O9K2KuixR697NnzFDaitQt5I9DZ8QbIhf2bwTvNCMKUiS6EhJmzfC5alE6M6vS9
ZbXM4lgGgUp14WVdSZ7QV+NiaqgGUBp35KYx6kuRe4bA9+RK7vdoDxZMG8/dbP9l
Znaxec6DgUXuJJ5/CZO+
=hMut
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 674-2] ghostscript regression update
Next by Date: [SECURITY] [DLA 680-2] bash version number correction
Previous by thread: [SECURITY] [DLA 674-2] ghostscript regression update
Next by thread: [SECURITY] [DLA 680-2] bash version number correction
Index(es):
- Date
- Thread