From a9aeb80405ac147574a063b1576d767813bd08e3 Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Thu, 15 Jun 2017 16:03:52 +0200
Subject: [PATCH] graphite2: Update version from 1.3.9 to 1.3.10

Update the program to version 1.3.10, which is a bugfix release [1]. It
was released May 5th, 2017.

> This release consists only of bug fixes and one minor change to the
> build flags on Intel. The bug fixes are highly recommended and make no
> functional changes to the library.

The Mozilla Foundation Security Advisory (MFSA) 2017-16 gives more
information [3].

> A number of security vulnerabilities in the Graphite 2 library
> including out-of-bounds reads, buffer overflow reads and writes, and
> the use of uninitialized memory. These issues were addressed in
> Graphite 2 version 1.3.10.
>
> ### References ###
>
> * Graphite2 lz4::decompress out of bounds write (CVE-2017-7778)
> * Graphite2 out of bounds read [@ graphite2::Pass::readPass]
>   (CVE-2017-7771)
> * Graphite2 heap-buffer-overflow write [@ lz4::decompress]
>   (CVE-2017-7772)
> * Graphite2 heap-buffer-overflow write [@ lz4::decompress]
>   src/Decompressor (CVE-2017-7773)
> * Graphite2 out of bounds read [@ graphite2::Silf::readGraphite]
>   (CVE-2017-7774)
> * Graphite2 Assertion 'size() > n' failed (CVE-2017-7775)
> * Graphite2 heap-buffer-overflow read [@
>   graphite2::Silf::getClassGlyph] (CVE-2017-7776)
> * Graphite2 use of uninitialized memory [@
>   graphite2::GlyphCache::Loader::read_glyph] (CVE-2017-7777)

[1] https://github.com/silnrsi/graphite/releases/
---
 graphite2.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/graphite2.be0 b/graphite2.be0 index 4a868ba97..03ed587c3 100755 --- a/graphite2.be0 +++ b/graphite2.be0 @@ -1,6 +1,6 @@ #!/usr/bin/env beesh -# BEE_VERSION graphite2-1.3.9-0 +# BEE_VERSION graphite2-1.3.10-0 ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.)
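
Review bot: At the `BEE_VERSION` line, the only change in this hunk, the bump to graphite2-1.3.10-0 carries no checksum or signature for the new source in the visible lines. If the rest of graphite2.be0 derives the download from BEE_VERSION, consider pinning a hash of the 1.3.10 archive there, since this update is being taken for the security fixes listed in the message. The commit message also cites MFSA 2017-16 as [3], but the footer defines only [1]; add the missing reference entries or renumber the citation.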