graphite2: security bump to version 1.3.5 - buildroot

diff options

author	Gustavo Zacarias <gustavo@zacarias.com.ar>	2016-02-15 13:45:49 -0300
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2016-02-15 22:30:24 +0100
commit	36bdaa2e5d94aa7d7f6d49edde17d5b737048ad4 (patch)
tree	b5bab040dab7b52808e67b7d3dbff7012bab67d4 /package/postgresql/postgresql.hash
parent	d2c8d0efbfea1fc5d482a89b8108217de4105d61 (diff)
download	buildroot-36bdaa2e5d94aa7d7f6d49edde17d5b737048ad4.tar.gz buildroot-36bdaa2e5d94aa7d7f6d49edde17d5b737048ad4.zip

graphite2: security bump to version 1.3.5

Fixes: CVE-2016-1521 - An exploitable out-of-bounds read vulnerability exists in the opcode handling functionality of Libgraphite. A specially crafted font can cause an out-of-bounds read resulting in arbitrary code execution. An attacker can provide a malicious font to trigger this vulnerability. CVE-2016-1522 - An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash. An attacker can provide a malicious font to trigger this vulnerability. CVE-2016-1523 - An exploitable heap-based buffer overflow exists in the context item handling functionality of Libgraphite. A specially crafted font can cause a buffer overflow resulting in potential code execution. An attacker can provide a malicious font to trigger this vulnerability. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Diffstat (limited to 'package/postgresql/postgresql.hash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: