[SECURITY] [DLA 2518-1] cairo security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2518-1] cairo security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Wed, 6 Jan 2021 01:05:23 +0530
Message-id: <[🔎] CAPP0f97S_AC9yp=SbwfEUVbXhepe6vy5VHdWPHw9pmT-i9-uug@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2518-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 06, 2021                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : cairo
Version        : 1.14.8-1+deb9u1
CVE ID         : CVE-2020-35492
Debian Bug     : 978658

LibreOffice slideshow aborts with stack smashing in cairo’s
composite_boxes.

For Debian 9 stretch, this problem has been fixed in version
1.14.8-1+deb9u1.

We recommend that you upgrade your cairo packages.

For the detailed security status of cairo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cairo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/0v2EACgkQgj6WdgbD
S5a7Lw//bS1OvPrb34D605P82jvPoI9fOmSnuDRW+KNyv64hT7auWPZmzlg8OmH+
GfMfIheaRAsDzz0rNCgK8x1jAAhW/1+d0Ixql2xreSwN37BTTPIjg5jqfmj3UqDh
B1TMtYIJhAKoWU/yx+trRLFQhQQ9VZOG18HxSqRldXhbW/kXoaQ8m0NE9JaYvlzF
GEXBhHlRgkO89efk358XM0l4HeOO+qGCcnLtlKdvaLnSjRPsuNnszaPTdQ89r+em
cf1t9RFMRucmz5/44YbBTUJSbK2DoH06byAYlbOFMlKMoBNM7xXLRRKSZFsrpTlY
SMJOcY6GP2T88MitiVrWJT8PmRDGCHVm7BLYUoBvWOGMLxMmDTjuxtnFTPTKB7ew
cUq5KN+MENedcbSheXz7m27ncUWg3IFoX7vS5vIIL4ZfOK1W3wVf4braJ09Yghi4
s02mECKrhNnDlz/Y4EnYDhzrMM5SlNe6nABEPFmWNIV+4O5nSWsO/FAOeqKniBFf
DuW8d7qahun2SsOfMX48avCf2pc/h25tLxg91UzWiSD4U0/WVXhP7HLnuwOUrY6V
cWx7VR0npPmYZevmIAVke7RNaS62O8mCxEXFY2b6E9ti4CRZDrbmAiT9ID6gwgyf
1U6FVgHKhXfAChJIpV0boYvm7AdvDVcTH2Gc9ZehsqZF2cSuWr4=
=SZPT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2517-1] dovecot security update
Next by Date: [SECURITY] [DLA 2519-1] pacemaker security update
Previous by thread: [SECURITY] [DLA 2517-1] dovecot security update
Next by thread: [SECURITY] [DLA 2519-1] pacemaker security update
Index(es):
- Date
- Thread