diff options
author | feld <feld@FreeBSD.org> | 2016-02-10 04:30:42 +0800 |
---|---|---|
committer | feld <feld@FreeBSD.org> | 2016-02-10 04:30:42 +0800 |
commit | 1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47 (patch) | |
tree | ee03d6d8efafdfa09a8de3570baf5fc27c61a8de /security/vuxml | |
parent | 2533c7b7164d823d2cc6280d2e79e554e28fbd56 (diff) | |
download | freebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.tar.gz freebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.tar.zst freebsd-ports-gnome-1c7fea0b2459e77b6fb4066227b4dcb9df8c2b47.zip |
Update graphics/graphite2 vulnerability details
I found a more comprehensive blog entry by Talos
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a84e834f7c60..51ec6a27df6a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -69,19 +69,33 @@ Notes: <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Talos reports:</p> - <blockquote cite="http://www.talosintel.com/reports/TALOS-2016-0058/"> - <p>A specially crafted font can cause an out-of-bounds read - resulting in arbitrary code execution.</p> + <blockquote cite="http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"> + <ul> + <li><p>An exploitable denial of service vulnerability exists + in the font handling of Libgraphite. A specially crafted font can cause + an out-of-bounds read potentially resulting in an information leak or + denial of service.</p></li> + <li><p>A specially crafted font can cause a buffer overflow + resulting in potential code execution.</p></li> + <li><p>An exploitable NULL pointer dereference exists in the + bidirectional font handling functionality of Libgraphite. A specially + crafted font can cause a NULL pointer dereference resulting in a + crash.</p></li> + </ul> </blockquote> </body> </description> <references> - <url>http://www.talosintel.com/reports/TALOS-2016-0058/</url> + <url>http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html</url> <cvename>CVE-2016-1521</cvename> + <cvename>CVE-2016-1522</cvename> + <cvename>CVE-2016-1523</cvename> + <cvename>CVE-2016-1526</cvename> </references> <dates> <discovery>2016-02-05</discovery> <entry>2016-02-09</entry> + <modified>2016-02-09</modified> </dates> </vuln> |