svn commit: r411058 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Mon Mar 14 12:10:30 UTC 2016
Author: jbeich
Date: Mon Mar 14 12:10:29 2016
New Revision: 411058
URL: https://svnweb.freebsd.org/changeset/ports/411058
Log:
Document one more graphite2 vulnerability
Modified:
head/security/vuxml/vuln.xml (contents, props changed)
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Mar 14 12:04:26 2016 (r411057)
+++ head/security/vuxml/vuln.xml Mon Mar 14 12:10:29 2016 (r411058)
@@ -550,10 +550,18 @@ Notes:
memory, out-of-bounds read, and out-of-bounds write errors
when working with fuzzed graphite fonts.</p>
</blockquote>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/">
+ <p>Security researcher James Clawson used the Address
+ Sanitizer tool to discover an out-of-bounds write in the
+ Graphite 2 library when loading a crafted Graphite font
+ file. This results in a potentially exploitable crash.</p>
+ </blockquote>
</body>
</description>
<references>
<url>https://www.mozilla.org/security/advisories/mfsa2016-37/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-38/</url>
+ <cvename>CVE-2016-1969</cvename>
<cvename>CVE-2016-1977</cvename>
<cvename>CVE-2016-2790</cvename>
<cvename>CVE-2016-2791</cvename>
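Review bot: The new blockquote's cite attribute uses the localized path "https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/", while the url element added under references for the same advisory uses the locale-free "https://www.mozilla.org/security/advisories/mfsa2016-38/". Use the locale-free form in both places so the quoted source and the reference match as strings and follow the existing mfsa2016-37 url. Placing CVE-2016-1969 ahead of CVE-2016-1977 keeps the cvename list in numeric order, which is fine.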
@@ -572,6 +580,7 @@ Notes:
<dates>
<discovery>2016-03-08</discovery>
<entry>2016-03-08</entry>
+ <modified>2016-03-14</modified>
</dates>
</vuln>
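Review bot: The modified date of 2016-03-14 in the dates block matches the commit date, but neither hunk in this change touches the entry's affected package ranges, so the log should say whether the existing ranges already cover the fix for CVE-2016-1969. Consumers match installed packages against those ranges, not against the references list, so a CVE added without a range check can leave a vulnerable version unflagged. It would also help to name CVE-2016-1969 or mfsa2016-38 in the commit log, so the revision can be found by identifier.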