graphite2-1.3.10-1.el7
エラータID: AXSA:2017-1747:01
Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the "Rendering" aspect of writing
system implementation.
Security issues fixed with this release:
CVE-2017-7771
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7772
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7773
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7774
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7775
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7776
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7777
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-7778
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).
Update packages.
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
N/A
SRPMS
- graphite2-1.3.10-1.el7.src.rpm
MD5: fe439709d17df96795c12a02b587f0a1
SHA-256: 3e20fd9d568e203a17a2bddbe4d95420a747f86ccc2db3690fd70fdb359ef8aa
Size: 3.46 MB
Asianux Server 7 for x86_64
- graphite2-1.3.10-1.el7.x86_64.rpm
MD5: 4a7638f312a552be7bd9bb4a8bc3e112
SHA-256: 0edca7c7c9914ef21dab57bb2acfb9a0bb4d5ad15f611754b8272dd8c2d55007
Size: 114.27 kB - graphite2-1.3.10-1.el7.i686.rpm
MD5: 3380b0a01d0e6505957c9e492a2c187c
SHA-256: 823590eb11b0d191e630b97e81ea81db2a5a99cb256d08ed8b069343f23eab14
Size: 115.20 kB