Bug 14058

Summary: [CVE21] cairo 1.16 CVEs
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: Preinstalled software in the ISOAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker    
Priority: Highest CC: a.proklov, e.malashin, s.matveev
Version: AllFlags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
URL: CVE-2019-6461,CVE-2019-6462,CVE-2018-19876
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2023-11-29 11:37:14 MSK 
https://nvd.nist.gov/vuln/detail/CVE-2019-6461 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2019-6462 Base Score: 6.5 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2018-19876 Base Score: 6.5 MEDIUM
Comment 1 Svyatoslav Matveev 2023-11-29 17:02:19 MSK 
********** QA ADVISORY **********

CVE-2019-6461
CVE-2019-6462
Закрыто патчами

CVE-2018-19876 исправлено в этой версии..

*** cairo
**  1.16.0 release +1

https://abf.io/build_lists/4841517
https://abf.io/build_lists/4841518
https://abf.io/build_lists/4841519
https://abf.io/build_lists/4841521
Comment 2 Svyatoslav Matveev 2023-11-29 20:54:45 MSK 
*** e2k
https://abf.io/build_lists/4841520
Comment 3 e.malashin@rosalinux.ru 2023-11-30 15:09:33 MSK 
The update sent to testings
Comment 4 Vladimir Potapov 2023-12-05 02:47:38 MSK 
cairo-1.16.0-5
https://abf.io/build_lists/4841517
https://abf.io/build_lists/4841518
https://abf.io/build_lists/4841519
https://abf.io/build_lists/4841521
****************************** Advisory **********************
CVEs closed vy version update and patch
**************************************************************
QA Verified