Wrong fixed version for cairo and CVE-2009-2044?
[ BCCing cairo maintainers, if they would like to comment ]
I'm maintaining the cairo backports, and according to the security
tracker, the current backport (from 1.8.8-2) should be affected by
CVE-2009-2044. I checked the patches linked from , and it seems to
me that the bug is already fixed in the backported version 1.8.8-2.
The security tracker currently lists 1.8.10-3 as the package fixing that
version, however that package revision doesn't mention anything like
that in the changelog; it mostly introduced udebs at that point. (Or
maybe that version was taken as it was the first upload to unstable?)
So could it be that the security tracker is wrong?