UbuntuUpdates.org

Package "libgraphite2-3"

Name: libgraphite2-3

Description:

Font rendering engine for Complex Scripts -- library
Latest version: 1.3.10-0ubuntu0.14.04.1
Release: trusty (14.04)
Level: security
Repository: main
Head package: graphite2

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libgraphite2-3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libgraphite2-3" in Trusty

Repository Area Version
base main 1.2.4-1ubuntu1
updates main 1.3.10-0ubuntu0.14.04.1

Changelog

Version: 1.3.10-0ubuntu0.14.04.1 2017-08-21 14:06:46 UTC
No changelog available yet.
Source diff to previous version

Version: 1.3.6-1ubuntu0.14.04.1 2016-03-14 14:06:50 UTC

  graphite2 (1.3.6-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to new upstream release 1.3.6 to fix multiple security issues.
    - CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
      CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
      CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
      CVE-2016-2801, CVE-2016-2802
  * Dropped upstreamed patches:
    - include-and-libraries.diff, no-specific-nunit-version.diff,
      soname.diff, CVE-2016-152x-1.patch, CVE-2016-152x-2.patch,
      CVE-2016-152x-3.patch, CVE-2016-152x-4.patch, CVE-2016-152x-5.patch
  * Updated patches for 1.3.6:
    - no-icons.diff
  * debian/patches/disable_tests.diff: disable tests that require the
    fonttools package from universe.

 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2016 14:06:56 -0500
Source diff to previous version

Version: 1.2.4-1ubuntu1.1 2016-02-17 16:07:08 UTC

  graphite2 (1.2.4-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2016-152x-1.patch: fix out of bounds access in
      src/Bidi.cpp.
    - debian/patches/CVE-2016-152x-2.patch: handle fonts with 0 features in
      src/FeatureMap.cpp, src/inc/FeatureMap.h.
    - debian/patches/CVE-2016-152x-3.patch: check size in src/TtfUtil.cpp.
    - debian/patches/CVE-2016-152x-4.patch: check for cntxtItem
      misalignment in src/Code.cpp.
    - debian/patches/CVE-2016-152x-5.patch: disallow nested cntxt_item in
      src/Code.cpp.
    - CVE-2016-1521
    - CVE-2016-1522
    - CVE-2016-1523
    - CVE-2016-1526
  * debian/patches/no-icons.diff: run a2x without --icons to avoid FTBFS.

 -- Marc Deslauriers <email address hidden> Thu, 11 Feb 2016 11:09:38 -0500
CVE-2016-1521 The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38
CVE-2016-1522 Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive l
CVE-2016-1523 The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x befo
CVE-2016-1526 The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before


About   -   Send Feedback to @ubuntu_updates