** Patch added: "cairo-CVE-2016-9082-trusty.debdiff" https://bugs.launchpad.net/ubuntu/+source/cairo/+bug/1639372/+attachment/4772691/+files/cairo-CVE-2016-9082-trusty.debdiff
** Information type changed from Public to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-9082 ** Bug watch added: Debian Bug tracker #842289 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842289 ** Also affects: cairo (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842289 Importance: Unknown Status: Unknown ** Bug watch added: freedesktop.org Bugzilla #98165 https://bugs.freedesktop.org/show_bug.cgi?id=98165 ** Also affects: cairo via https://bugs.freedesktop.org/show_bug.cgi?id=98165 Importance: Unknown Status: Unknown ** Tags added: patch precise trusty xenial yakkety zesty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cairo in Ubuntu. https://bugs.launchpad.net/bugs/1639372 Title: CVE-2016-9082: DOS attack in converting SVG to PNG Status in cairo: Unknown Status in cairo package in Ubuntu: Confirmed Status in cairo package in Debian: Unknown Bug description: I'm attaching debdiffs for trusty, xenial and yakkety. Zesty is already fixed by syncing cairo 1.14.6-1.1 from Debian. Maybe someone else can work on the precise update. Proof of Concept at http://seclists.org/oss-sec/2016/q4/44 I didn't get gdb to work, but when I tried to convert the file, I got a crash report named /var/crash/_usr_bin_rsvg-convert.1000.crash . After the update, no crash happened. I reproduced the crash and verified that the new package doesn't crash on yakkety. In xenial I wasn't able to reproduce the crash. I did not test on trusty. To manage notifications about this bug go to: https://bugs.launchpad.net/cairo/+bug/1639372/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
