aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorfeld <feld@FreeBSD.org>2016-02-10 04:30:42 +0800
committerfeld <feld@FreeBSD.org>2016-02-10 04:30:42 +0800
commit1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47 (patch)
treeee03d6d8efafdfa09a8de3570baf5fc27c61a8de /security/vuxml
parent2533c7b7164d823d2cc6280d2e79e554e28fbd56 (diff)
downloadfreebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.tar.gz
freebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.tar.zst
freebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.zip
Update graphics/graphite2 vulnerability details
I found a more comprehensive blog entry by Talos
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml22
1 files changed, 18 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a84e834f7c60..51ec6a27df6a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -69,19 +69,33 @@ Notes:
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Talos reports:</p>
- <blockquote cite="http://www.talosintel.com/reports/TALOS-2016-0058/">
- <p>A specially crafted font can cause an out-of-bounds read
- resulting in arbitrary code execution.</p>
+ <blockquote cite="http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html">
+ <ul>
+ <li><p>An exploitable denial of service vulnerability exists
+ in the font handling of Libgraphite. A specially crafted font can cause
+ an out-of-bounds read potentially resulting in an information leak or
+ denial of service.</p></li>
+ <li><p>A specially crafted font can cause a buffer overflow
+ resulting in potential code execution.</p></li>
+ <li><p>An exploitable NULL pointer dereference exists in the
+ bidirectional font handling functionality of Libgraphite. A specially
+ crafted font can cause a NULL pointer dereference resulting in a
+ crash.</p></li>
+ </ul>
</blockquote>
</body>
</description>
<references>
- <url>http://www.talosintel.com/reports/TALOS-2016-0058/</url>
+ <url>http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html</url>
<cvename>CVE-2016-1521</cvename>
+ <cvename>CVE-2016-1522</cvename>
+ <cvename>CVE-2016-1523</cvename>
+ <cvename>CVE-2016-1526</cvename>
</references>
<dates>
<discovery>2016-02-05</discovery>
<entry>2016-02-09</entry>
+ <modified>2016-02-09</modified>
</dates>
</vuln>