SUSE has issued an advisory on October 22: https://lists.suse.com/pipermail/sle-security-updates/2021-October/009644.html
Status comment: (none) => Patch available from upstream
No registered nor evident maintainer, so have to assign this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. (CVE-2019-6462) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009644.html ======================== Updated packages in core/updates_testing: ======================== lib(64)cairo2-1.16.0-6.1.mga8 lib(64)cairo-devel-1.16.0-6.1.mga8 lib(64)cairo-static-devel-1.16.0-6.1.mga8 from SRPM: cairo-1.16.0-6.1.mga8.src.rpm
Status: NEW => ASSIGNEDStatus comment: Patch available from upstream => (none)CVE: (none) => CVE-2019-6462CC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugs
MGA8-64 Plasma on Lenovo B50 No installation issues. As stated in bug 28084, # urpmq --whatrequires lib64cairo2 returns a long list picked out caja and run strace -o libcairo.txt caja and checked and found references to libcairo lob files. Works OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0497.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED