Thanks for the debdiffs!
While they look good, there is some discussion in the upstream bug, and
the fix hasn't been committed yet. I'll wait until the fix is committed
before releasing updates for the stable releases.
** Also affects: cairo (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: cairo (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: cairo (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: cairo (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: cairo (Ubuntu Precise)
Status: New => Confirmed
** Changed in: cairo (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: cairo (Ubuntu Xenial)
Status: New => Confirmed
** Changed in: cairo (Ubuntu Yakkety)
Status: New => Confirmed
** Changed in: cairo (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: cairo (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: cairo (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: cairo (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: cairo (Ubuntu Yakkety)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cairo in Ubuntu.
https://bugs.launchpad.net/bugs/1639372
Title:
CVE-2016-9082: DOS attack in converting SVG to PNG
Status in cairo:
Unknown
Status in cairo package in Ubuntu:
Fix Released
Status in cairo source package in Precise:
Confirmed
Status in cairo source package in Trusty:
Confirmed
Status in cairo source package in Xenial:
Confirmed
Status in cairo source package in Yakkety:
Confirmed
Status in cairo package in Debian:
Fix Released
Bug description:
I'm attaching debdiffs for trusty, xenial and yakkety. Zesty is
already fixed by syncing cairo 1.14.6-1.1 from Debian. Maybe someone
else can work on the precise update.
Proof of Concept at
http://seclists.org/oss-sec/2016/q4/44
I didn't get gdb to work, but when I tried to convert the file, I got
a crash report named /var/crash/_usr_bin_rsvg-convert.1000.crash .
After the update, no crash happened.
I reproduced the crash and verified that the new package doesn't crash
on yakkety. In xenial I wasn't able to reproduce the crash. I did not
test on trusty.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cairo/+bug/1639372/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
