[engineering.redhat.com #390231] CVE-2016-1521

Greetings, I was made aware of CVE-2016-1521 this past weekend, and can find no reference to this CVE in Red Hat Bugzilla, nor has there been a Red Hat Security Bulletin regarding this. I consider this CVE to be critical as it requires zero action on the part of the user. It can be spread through malvertising, or a minor hack to a website that calls a 3rd party CSS file. The Graphite developers released an update in January, but have not specifically addressed this CVE. Can you provide a statement stating whether it has been fixed or not? References: http://www.talosintel.com/reports/TALOS-2016-0058/ http://news.softpedia.com/news/vulnerability-in-font-processing- library-affects-linux-openoffice-firefox-500027.shtml Regards, Dan Mossor