UbuntuUpdates.org

Package "harfbuzz"

Name: harfbuzz

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenType text shaping engine (GObject introspection data)
  • Development files for OpenType text shaping engine
  • Documentation files for the HarfBuzz library
  • OpenType text shaping engine ICU backend (GObject library)

Latest version: 1.0.1-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: main

Links



Other versions of "harfbuzz" in Xenial

Repository Area Version
base universe 1.0.1-1build2
base main 1.0.1-1build2
security universe 1.0.1-1ubuntu0.1
updates main 1.0.1-1ubuntu0.1
updates universe 1.0.1-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0.1-1ubuntu0.1 2016-08-24 15:06:57 UTC

  harfbuzz (1.0.1-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: memory access issue in hb-ot-layout-gpos-table.hh
    - debian/patches/CVE-2015-8947.patch: call check_struct earlier in
      src/hb-ot-layout-gpos-table.hh.
    - CVE-2015-8947
  * SECURITY UPDATE: buffer over-read via inverted length check
    - debian/patches/CVE-2016-2052.patch: fix hmtx wrong table length check
      in src/hb-ot-font.cc.
    - CVE-2016-2052

 -- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 11:14:40 -0400

CVE-2015-8947 hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecif
CVE-2016-2052 Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of ser



About   -   Send Feedback to @ubuntu_updates