2016-11-04 22:34:32 |
Jeremy Bícha |
bug |
|
|
added bug |
2016-11-04 22:34:49 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Yakkety |
|
2016-11-04 22:34:49 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Precise |
|
2016-11-04 22:34:49 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Xenial |
|
2016-11-04 22:34:49 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Trusty |
|
2016-11-04 22:41:14 |
Jeremy Bícha |
attachment added |
|
cairo-CVE-2016-9082-xenial.debdiff https://bugs.launchpad.net/ubuntu/+source/cairo/+bug/1639372/+attachment/4772689/+files/cairo-CVE-2016-9082-xenial.debdiff |
|
2016-11-04 22:41:34 |
Jeremy Bícha |
attachment added |
|
cairo-CVE-2016-9082-yakkety.debdiff https://bugs.launchpad.net/ubuntu/+source/cairo/+bug/1639372/+attachment/4772690/+files/cairo-CVE-2016-9082-yakkety.debdiff |
|
2016-11-04 22:41:58 |
Jeremy Bícha |
attachment added |
|
cairo-CVE-2016-9082-trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/cairo/+bug/1639372/+attachment/4772691/+files/cairo-CVE-2016-9082-trusty.debdiff |
|
2016-11-04 22:42:09 |
Jeremy Bícha |
information type |
Public |
Public Security |
|
2016-11-04 22:42:24 |
Jeremy Bícha |
cve linked |
|
2016-9082 |
|
2016-11-04 22:43:17 |
Jeremy Bícha |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842289 |
|
2016-11-04 22:43:17 |
Jeremy Bícha |
bug task added |
|
cairo (Debian) |
|
2016-11-04 22:43:34 |
Jeremy Bícha |
bug watch added |
|
https://bugs.freedesktop.org/show_bug.cgi?id=98165 |
|
2016-11-04 22:43:34 |
Jeremy Bícha |
bug task added |
|
cairo |
|
2016-11-04 22:44:01 |
Jeremy Bícha |
tags |
|
patch precise trusty xenial yakkety zesty |
|
2016-11-04 22:50:04 |
Jeremy Bícha |
description |
I'm attaching debdiffs for trusty, xenial and yakkety. Zesty is already fixed by syncing cairo 1.14.6-1.1 from Debian. Maybe someone else can work on the precise update.
Proof of Concept at
http://seclists.org/oss-sec/2016/q4/44
I didn't get gdb to work, but when I tried to convert the file, I got a crash report named /var/crash/_usr_bin_rsvg-convert.1000.crash . After the update, no crash happened.
I reproduced the crash and verified that the new package doesn't crash on xenial and yakkety only. I did not test on trusty. |
I'm attaching debdiffs for trusty, xenial and yakkety. Zesty is already fixed by syncing cairo 1.14.6-1.1 from Debian. Maybe someone else can work on the precise update.
Proof of Concept at
http://seclists.org/oss-sec/2016/q4/44
I didn't get gdb to work, but when I tried to convert the file, I got a crash report named /var/crash/_usr_bin_rsvg-convert.1000.crash . After the update, no crash happened.
I reproduced the crash and verified that the new package doesn't crash on yakkety. In xenial I wasn't able to reproduce the crash. I did not test on trusty. |
|
2016-11-04 22:51:02 |
Jeremy Bícha |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2016-11-04 23:31:46 |
Bug Watch Updater |
cairo (Debian): status |
Unknown |
Fix Released |
|
2016-11-05 01:14:09 |
Alberto Salvia Novella |
cairo (Ubuntu): importance |
Undecided |
High |
|
2016-11-21 16:29:28 |
Marc Deslauriers |
bug task added |
|
cairo (Ubuntu Precise) |
|
2016-11-21 16:29:34 |
Marc Deslauriers |
bug task added |
|
cairo (Ubuntu Trusty) |
|
2016-11-21 16:29:41 |
Marc Deslauriers |
bug task added |
|
cairo (Ubuntu Xenial) |
|
2016-11-21 16:29:48 |
Marc Deslauriers |
bug task added |
|
cairo (Ubuntu Yakkety) |
|
2016-11-21 16:29:59 |
Marc Deslauriers |
cairo (Ubuntu Precise): status |
New |
Confirmed |
|
2016-11-21 16:30:04 |
Marc Deslauriers |
cairo (Ubuntu Trusty): status |
New |
Confirmed |
|
2016-11-21 16:30:10 |
Marc Deslauriers |
cairo (Ubuntu Xenial): status |
New |
Confirmed |
|
2016-11-21 16:30:13 |
Marc Deslauriers |
cairo (Ubuntu Yakkety): status |
New |
Confirmed |
|
2016-11-21 16:30:22 |
Marc Deslauriers |
cairo (Ubuntu): status |
Confirmed |
Fix Released |
|
2016-11-21 16:30:26 |
Marc Deslauriers |
cairo (Ubuntu Precise): importance |
Undecided |
Medium |
|
2016-11-21 16:30:29 |
Marc Deslauriers |
cairo (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-11-21 16:30:34 |
Marc Deslauriers |
cairo (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-11-21 16:30:37 |
Marc Deslauriers |
cairo (Ubuntu Yakkety): importance |
Undecided |
Medium |
|
2017-03-29 11:02:22 |
Marc Deslauriers |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2017-06-17 20:49:35 |
Bug Watch Updater |
cairo: status |
Unknown |
Confirmed |
|
2017-06-17 20:49:35 |
Bug Watch Updater |
cairo: importance |
Unknown |
Critical |
|
2017-11-09 09:22:57 |
Bug Watch Updater |
cairo: status |
Confirmed |
In Progress |
|
2019-09-02 23:17:34 |
Bug Watch Updater |
cairo: status |
In Progress |
Unknown |
|
2019-09-02 23:17:38 |
Bug Watch Updater |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1382656 |
|
2019-09-02 23:17:38 |
Bug Watch Updater |
bug watch added |
|
https://gitlab.freedesktop.org/cairo/cairo/issues/81 |
|
2021-10-14 15:28:02 |
Steve Langasek |
cairo (Ubuntu Precise): status |
Confirmed |
Won't Fix |
|
2022-05-10 19:26:38 |
Rodrigo Figueiredo Zaiden |
cairo (Ubuntu Xenial): status |
Confirmed |
Fix Released |
|