I was made aware of CVE-2016-1521 this past weekend, and can find no
reference to this CVE in Red Hat Bugzilla, nor has there been a Red Hat
Security Bulletin regarding this.
I consider this CVE to be critical as it requires zero action on the
part of the user. It can be spread through malvertising, or a minor hack
to a website that calls a 3rd party CSS file.
The Graphite developers released an update in January, but have not
specifically addressed this CVE. Can you provide a statement stating
whether it has been fixed or not?
Dan Mossor, RHCSA
Fedora Server WG | Fedora KDE WG | Fedora QA Team
Fedora Ambassador | Fedora CommOps
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA