Source: cairo Version: 1.16.0-1 Severity: important Tags: security upstream Forwarded: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
Hi, The following vulnerability was published for cairo. CVE-2018-19876[0]: | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would | free memory using a free function incompatible with WebKit's | fastMalloc, leading to an application crash with a "free(): invalid | pointer" error. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-19876 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876 [1] https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 [2] https://bugs.webkit.org/show_bug.cgi?id=191595 Please adjust the affected versions in the BTS as needed. Regards, Salvatore