On Tue, 28 Sep 2021 at 22:07:26 +0200, Salvatore Bonaccorso wrote:
> > This appears to have been fixed in 1.15.14, which means it's fixed in
> > buster and bullseye.
>
> I cannot check right now, but is this correct? The upstream issue
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/264 seems to have
> been closed only very recently a few weeks ago, or where those only
> additional followups?
Those were additional followups, as far as I can tell. If they fixed
additional security issues in the same pattern, then those additional
security issues would need a separate CVE.
smcv
