This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.44.0
cf-buildpacks-eng released this 14 Mar 20:06 · 289 commits to master since this release
Notably, this release addresses Ubuntu Security Notice USN-2927-1 (graphite2 vulnerabilities):
- CVE-2016-1977: Graphite2 Machine::Code::decoder::analysis::set_ref stack out of bounds bit set
- CVE-2016-2790: Use of uninitialised memory in [@graphite2::TtfUtil::GetTableInfo]
- CVE-2016-2791: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::glyph]
- CVE-2016-2792: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:232
- CVE-2016-2793: graphite2: heap-buffer-overflow read in CachedCmap.cpp
- CVE-2016-2794: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12NextCodepoint]
- CVE-2016-2795: Use of uninitialised memory in [@graphite2::FileFace::get_table_fn]
- CVE-2016-2796: graphite2: heap-buffer-overflow write in [@graphite2::vm::Machine::Code::Code]
- CVE-2016-2797: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup]
- CVE-2016-2798: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::Loader::Loader]
- CVE-2016-2799: graphite2: heap-buffer-overflow write in [@graphite2::Slot::setAttr]
- CVE-2016-2800: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:234
- CVE-2016-2801: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup] TtfUtil.cpp:1126
- CVE-2016-2802: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable4NextCodepoint]