Opened 7 years ago
Closed 6 years ago
#54141 closed update (fixed)
graphite2 @1.3.9: update to 1.3.12
| Reported by: | l2dy (Zero King) | Owned by: | ryandesign (Ryan Carsten Schmidt) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | security haspatch | Cc: | Schamschula (Marius Schamschula) |
| Port: | graphite2 |
Description
Change History (8)
comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
| Status: | new → accepted |
|---|
comment:2 Changed 7 years ago by l2dy (Zero King)
| Keywords: | security added |
|---|
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.
See https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778.
comment:4 Changed 6 years ago by l2dy (Zero King)
| Summary: | graphite2 @1.3.9: update to 1.3.10 → graphite2 @1.3.9: update to 1.3.11 |
|---|
comment:5 Changed 6 years ago by Schamschula (Marius Schamschula)
| Cc: | Schamschula added |
|---|
comment:6 Changed 6 years ago by Schamschula (Marius Schamschula)
It looks like the homepage has moved to http://scripts.sil.org/cms/scripts/page.php?site_id=projects&item_id=graphite_home (ugly) and the source is now on GitHub: https://github.com/silnrsi/graphite
comment:7 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)
| Keywords: | haspatch added |
|---|---|
| Summary: | graphite2 @1.3.9: update to 1.3.11 → graphite2 @1.3.9: update to 1.3.12 |
Nearly ready to merge this PR.
comment:8 Changed 6 years ago by dgilman (David Gilman)
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Note: See
TracTickets for help on using
tickets.
I've been verifying which of our many patches and workaround are still needed, and trying to determine what new patches might be needed for this version.