Skip to content
This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.44.0
Compare
Choose a tag to compare
@cf-buildpacks-eng cf-buildpacks-eng released this 14 Mar 20:06
· 289 commits to master since this release
1.44.0
d8ac04b

Notably, this release addresses USN-2927-1: graphite2 vulnerabilities Ubuntu Security Notice USN-2927-1:

  • CVE-2016-1977: Graphite2 Machine::Code::decoder::analysis::set_ref stack out ofbounds bit set
  • CVE-2016-2790: Use of uninitialised memory in [@graphite2::TtfUtil::GetTableInfo]
  • CVE-2016-2791: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::glyph]
  • CVE-2016-2792: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:232
  • CVE-2016-2793: graphite2: heap-buffer-overflow read in CachedCmap.cpp
  • CVE-2016-2794: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12NextCodepoint]
  • CVE-2016-2795: Use of uninitialised memory in [@graphite2::FileFace::get_table_fn]
  • CVE-2016-2796: graphite2: heap-buffer-overflow write in [@graphite2::vm::Machine::Code::Code]
  • CVE-2016-2797: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup]
  • CVE-2016-2798: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::Loader::Loader]
  • CVE-2016-2799: graphite2: heap-buffer-overflow write in [@graphite2::Slot::setAttr]
  • CVE-2016-2800: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:234
  • CVE-2016-2801: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup] TtfUtil.cpp:1126
  • CVE-2016-2802: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable4NextCodepoint]
Assets 3
Loading