Debian-LTS has issued an advisory on January 6:
https://www.debian.org/lts/security/2021/dla-2518

Mageia 7 is also affected.
Status comment: (none) => Patches available from upstream
Whiteboard: (none) => MGA7TOO
Fix pushed in mageia cauldron.
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Fix pushed in mga7 src: cairo-1.16.0-2.2.mga7
Assignee: bugsquad => qa-bugs
Advisory:
========================

Updated cairo packages fix security vulnerability:

LibreOffice slideshow aborts with stack smashing in cairo’s composite_boxes (CVE-2020-35492).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492
https://www.debian.org/lts/security/2021/dla-2518
========================

Updated packages in core/updates_testing:
========================
libcairo2-1.16.0-2.2.mga7
libcairo-devel-1.16.0-2.2.mga7
libcairo-static-devel-1.16.0-2.2.mga7

from cairo-1.16.0-2.2.mga7.src.rpm
Status comment: Patches available from upstream => (none)
Created a short slide show in LibreOffice Impress with 12 slides. Used the slideshow function, but did not visibly trigger any problems.

Updated lib64cairo2. No installation issues. Ran the slide show again, with no issues noted.

urpmq --whatrequires lib64cairo2 reveals a very long list. The Gimp is on it, as is Firefox, and cairo-dock.

Ran The Gimp with a complex image consisting of over 70 layers of graphics and text, with no issues. Cairo-dock was already installed on one test machine during a previous test of it, and there were no regressions with any of the 2D rendering. Firefox is being used to make this report, with no regressions noted.

I'm going to call this OK, and validate. Advisory in Comment 3.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Advisory pushed to SVN.
CVE: (none) => CVE-2020-35492
CC: (none) => ouaurelien
Source RPM: cairo-1.16.0-5.mga8.src.rpm => cairo-1.16.0-2.1.mga7.src.rpm
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0028.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED