UbuntuUpdates.org

Package "harfbuzz"

Name: harfbuzz

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenType text shaping engine (utility)

Latest version: 2.7.4-1ubuntu3.1
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "harfbuzz" in Jammy

Repository Area Version
base main 2.7.4-1ubuntu3
base universe 2.7.4-1ubuntu3
security main 2.7.4-1ubuntu3.1
updates main 2.7.4-1ubuntu3.1
updates universe 2.7.4-1ubuntu3.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.7.4-1ubuntu3.1 2022-07-19 14:06:19 UTC

  harfbuzz (2.7.4-1ubuntu3.1) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2022-33068-1.patch: limit glyph extents in
      src/hb-ot-color-sbix-table.hh.
    - debian/patches/CVE-2022-33068-2.patch: fix conditional in
      src/hb-ot-color-sbix-table.hh.
    - CVE-2022-33068

 -- Marc Deslauriers <email address hidden> Wed, 13 Jul 2022 12:40:13 -0400

CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified v



About   -   Send Feedback to @ubuntu_updates