graphite2: security bump to version 1.3.5
author Gustavo Zacarias <gustavo@zacarias.com.ar>
Mon, 15 Feb 2016 16:45:49 +0000 (13:45 -0300)
committer Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mon, 15 Feb 2016 21:30:24 +0000 (22:30 +0100)
commit 36bdaa2e5d94aa7d7f6d49edde17d5b737048ad4
tree b5bab040dab7b52808e67b7d3dbff7012bab67d4
parent d2c8d0efbfea1fc5d482a89b8108217de4105d61
graphite2: security bump to version 1.3.5

Fixes:
CVE-2016-1521 - An exploitable out-of-bounds read vulnerability exists
in the opcode handling functionality of Libgraphite. A specially crafted
font can cause an out-of-bounds read resulting in arbitrary code
execution. An attacker can provide a malicious font to trigger this
vulnerability.
CVE-2016-1522 - An exploitable NULL pointer dereference exists in the
bidirectional font handling functionality of Libgraphite. A specially
crafted font can cause a NULL pointer dereference resulting in a crash.
An attacker can provide a malicious font to trigger this vulnerability.
CVE-2016-1523 - An exploitable heap-based buffer overflow exists in the
context item handling functionality of Libgraphite. A specially crafted
font can cause a buffer overflow resulting in potential code execution.
An attacker can provide a malicious font to trigger this vulnerability.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/graphite2/0001-disable-double-promotion.patch
package/graphite2/graphite2.hash
package/graphite2/graphite2.mk