diff options
author | Jan Beich <jbeich@FreeBSD.org> | 2016-03-14 12:10:29 +0000 |
---|---|---|
committer | Jan Beich <jbeich@FreeBSD.org> | 2016-03-14 12:10:29 +0000 |
commit | 7405623db7a6628b887507cb435d3eb31fae6d3a (patch) | |
tree | 44db7c0f0245e61ca4fa59c21e97c0a89e831a09 /security/vuxml | |
parent | e02e1a88f66182635889961666b42b3b0c974572 (diff) | |
download | ports-7405623db7a6628b887507cb435d3eb31fae6d3a.tar.gz ports-7405623db7a6628b887507cb435d3eb31fae6d3a.zip |
Notes
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d9935a965a38..58af194445c6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -550,10 +550,18 @@ Notes: memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.</p> </blockquote> + <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/"> + <p>Security researcher James Clawson used the Address + Sanitizer tool to discover an out-of-bounds write in the + Graphite 2 library when loading a crafted Graphite font + file. This results in a potentially exploitable crash.</p> + </blockquote> </body> </description> <references> <url>https://www.mozilla.org/security/advisories/mfsa2016-37/</url> + <url>https://www.mozilla.org/security/advisories/mfsa2016-38/</url> + <cvename>CVE-2016-1969</cvename> <cvename>CVE-2016-1977</cvename> <cvename>CVE-2016-2790</cvename> <cvename>CVE-2016-2791</cvename> @@ -572,6 +580,7 @@ Notes: <dates> <discovery>2016-03-08</discovery> <entry>2016-03-08</entry> + <modified>2016-03-14</modified> </dates> </vuln> |