UbuntuUpdates.org

Package "libharfbuzz-dev"

Name: libharfbuzz-dev

Description:

Development files for OpenType text shaping engine

Latest version: 2.6.4-1ubuntu4.2
Release: focal (20.04)
Level: security
Repository: main
Head package: harfbuzz
Homepage: https://www.freedesktop.org/wiki/Software/HarfBuzz

Links


Download "libharfbuzz-dev"


Other versions of "libharfbuzz-dev" in Focal

Repository Area Version
base main 2.6.4-1ubuntu4
updates main 2.6.4-1ubuntu4.2

Changelog

Version: 2.6.4-1ubuntu4.2 2022-07-19 14:06:17 UTC

  harfbuzz (2.6.4-1ubuntu4.2) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2022-33068-1.patch: limit glyph extents in
      src/hb-ot-color-sbix-table.hh.
    - debian/patches/CVE-2022-33068-2.patch: fix conditional in
      src/hb-ot-color-sbix-table.hh.
    - CVE-2022-33068
  * debian/rules: increase fuzzer timeouts to fix FTBFS on riscv64.

 -- Marc Deslauriers <email address hidden> Wed, 13 Jul 2022 12:43:13 -0400

CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified v



About   -   Send Feedback to @ubuntu_updates