UbuntuUpdates.org

Package "graphite2"

Name: graphite2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Font rendering engine for Complex Scripts -- library
  • Debug symbols for libgraphite2
  • Development files for libgraphite2
  • Documentation for libgraphite2
Latest version: 1.3.10-0ubuntu0.14.04.1
Release: trusty (14.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "graphite2" in Trusty

Repository Area Version
base main 1.2.4-1ubuntu1
security main 1.3.10-0ubuntu0.14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.10-0ubuntu0.14.04.1 2017-08-21 15:06:43 UTC
No changelog available yet.
Source diff to previous version

Version: 1.3.6-1ubuntu0.14.04.1 2016-03-14 16:07:10 UTC

  graphite2 (1.3.6-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to new upstream release 1.3.6 to fix multiple security issues.
    - CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
      CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
      CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
      CVE-2016-2801, CVE-2016-2802
  * Dropped upstreamed patches:
    - include-and-libraries.diff, no-specific-nunit-version.diff,
      soname.diff, CVE-2016-152x-1.patch, CVE-2016-152x-2.patch,
      CVE-2016-152x-3.patch, CVE-2016-152x-4.patch, CVE-2016-152x-5.patch
  * Updated patches for 1.3.6:
    - no-icons.diff
  * debian/patches/disable_tests.diff: disable tests that require the
    fonttools package from universe.

 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2016 14:06:56 -0500
Source diff to previous version

Version: 1.2.4-1ubuntu1.1 2016-02-17 17:07:05 UTC

  graphite2 (1.2.4-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2016-152x-1.patch: fix out of bounds access in
      src/Bidi.cpp.
    - debian/patches/CVE-2016-152x-2.patch: handle fonts with 0 features in
      src/FeatureMap.cpp, src/inc/FeatureMap.h.
    - debian/patches/CVE-2016-152x-3.patch: check size in src/TtfUtil.cpp.
    - debian/patches/CVE-2016-152x-4.patch: check for cntxtItem
      misalignment in src/Code.cpp.
    - debian/patches/CVE-2016-152x-5.patch: disallow nested cntxt_item in
      src/Code.cpp.
    - CVE-2016-1521
    - CVE-2016-1522
    - CVE-2016-1523
    - CVE-2016-1526
  * debian/patches/no-icons.diff: run a2x without --icons to avoid FTBFS.

 -- Marc Deslauriers <email address hidden> Thu, 11 Feb 2016 11:09:38 -0500
CVE-2016-1521 The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38
CVE-2016-1522 Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive l
CVE-2016-1523 The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x befo
CVE-2016-1526 The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before


About   -   Send Feedback to @ubuntu_updates