Summary: | <media-gfx/graphite2-1.3.8-r1: Out-of-bounds write with malicious font | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | =media-gfx/graphite2-1.3.8-r1 |
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2017-04-19 18:26:18 UTC
Upstream hasn't released a version with fixes yet.

Graphite2 versions 1.3.8-r1 and 1.3.9-r1 include the backported commits that Mozilla used to address the CVE.

As 1.3.8 is current stable, 1.3.8-r1 should likely be the easiest one to stabilize quickly.

If office@ approves, could we get arches CC'd for stabilization asap?

(In reply to Ian Stakenvicius from comment #1)
> Upstream hasn't released a version with fixes yet.
>
> Graphite2 versions 1.3.8-r1 and 1.3.9-r1 include the backported commits that
> Mozilla used to address the CVE.
>
> As 1.3.8 is current stable, 1.3.8-r1 should likely be the easiest one to
> stabilize quickly.

Do it!

Stable for HPPA.

amd64 stable

ppc stable

ppc64 stable

x86 stable

arm stable

sparc stable

Stable on alpha.

arm stable

All security supported arches completed. ia64 please complete stabilization.

New GLSA Request filed.

ia64 stable. Maintainer(s), please cleanup.

Cleanup done

This issue was resolved and addressed in GLSA 201706-25 at https://security.gentoo.org/glsa/201706-25 by GLSA coordinator Kristian Fiskerstrand (K_F).