[cairo-bugs] [Bug 98165] DoS attack based on using SVG to generate invalid pointers from a _cairo_image_surface in write_png
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Nov 8 01:09:59 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=98165
--- Comment #10 from Bryce Harrington <bryce at osg.samsung.com> ---
Yes agreed, this fix looks ok, and this is already being carried by Debian Sid.
Carrying this in the devel tree seems like the next logical step, and if no
issues arise from the extra testing and review, it looks suitable for landing
in 1.14 stable too.
Landed:
To ssh://git.freedesktop.org/git/cairo
35fccff..38fbe62 master -> master
Given the feedback in comments 7 & 8 I'm going to leave this report open for
now as reminder to investigate further, although it might be worthwhile to
break those out as a separate bug report or two so this one can be closed.
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20171108/f3c05943/attachment.html>
More information about the cairo-bugs
mailing list