Hi Simon,

> Version: 1.16.0-1
>
> On Sun, 16 Jul 2017 at 22:52:11 +0200, Salvatore Bonaccorso wrote:
> > CVE-2017-9814[0]:
> > | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote
> > | attackers to cause a denial of service (out-of-bounds read) because of
> > | mishandling of an unexpected malloc(0) call.
>
> This appears to have been fixed in 1.15.14, which means it's fixed in
> buster and bullseye.

I cannot check right now, but is this correct? The upstream issue
https://gitlab.freedesktop.org/cairo/cairo/-/issues/264 seems to have
been closed only very recently, a few weeks ago, or were those only
additional follow-ups?

Regards,
Salvatore