Date:      Mon, 14 Mar 2016 12:10:29 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r411058 - head/security/vuxml
Message-ID:  <201603141210.u2ECATT5053266@repo.freebsd.org>

Author: jbeich
Date: Mon Mar 14 12:10:29 2016
New Revision: 411058
URL: https://svnweb.freebsd.org/changeset/ports/411058

Log:
  Document one more graphite2 vulnerability

Modified:
  head/security/vuxml/vuln.xml   (contents, props changed)

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Mar 14 12:04:26 2016	(r411057)
+++ head/security/vuxml/vuln.xml	Mon Mar 14 12:10:29 2016	(r411058)
@@ -550,10 +550,18 @@ Notes:
 	    memory, out-of-bounds read, and out-of-bounds write errors
 	    when working with fuzzed graphite fonts.</p>
 	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/">;
+	  <p>Security researcher James Clawson used the Address
+	    Sanitizer tool to discover an out-of-bounds write in the
+	    Graphite 2 library when loading a crafted Graphite font
+	    file. This results in a potentially exploitable crash.</p>
+	</blockquote>
       </body>
     </description>
     <references>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-37/</url>;
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-38/</url>;
+      <cvename>CVE-2016-1969</cvename>
       <cvename>CVE-2016-1977</cvename>
       <cvename>CVE-2016-2790</cvename>
       <cvename>CVE-2016-2791</cvename>
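Review bot: The `cite` attribute on the added `<blockquote>` uses the locale-specific path `/en-US/security/advisories/mfsa2016-38/`, while the `<url>` reference added below it uses the locale-free `/security/advisories/mfsa2016-38/`, the same form as the existing mfsa2016-37 `<url>`. Use the locale-free form in `cite` as well so the quote and the reference point at one canonical address. Separately, CVE-2016-1969 is added to the references without any change to the entry's affected-package ranges, which lie outside the visible lines; confirm those ranges already cover the version that fixes this out-of-bounds write, otherwise the entry will under-report or over-report exposure for this CVE.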
@@ -572,6 +580,7 @@ Notes:
     <dates>
       <discovery>2016-03-08</discovery>
       <entry>2016-03-08</entry>
+      <modified>2016-03-14</modified>
     </dates>
   </vuln>
 


