[SECURITY] Fedora 22 Update: graphite2-1.3.6-1.fc22

updates at fedoraproject.org updates at fedoraproject.org
Tue May 10 18:00:28 UTC 2016

Fedora Update Notification
2016-05-10 11:43:00.964898

Name        : graphite2
Product     : Fedora 22
Version     : 1.3.6
Release     : 1.fc22
URL         : http://sourceforge.net/projects/silgraphite/
Summary     : Font rendering capabilities for complex non-Roman writing systems
Description :
Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language
Software Development groups to provide rendering capabilities for complex
non-Roman writing systems. Graphite can be used to create “smart fonts” capable
of displaying writing systems with various complex behaviors. With respect to
the Text Encoding Model, Graphite handles the "Rendering" aspect of writing
system implementation.

Update Information:

Unspecified security fixes  ----  Security fix for CVE-2016-1521, CVE-2016-1522,
CVE-2016-1523 and CVE-2016-1526

  [ 1 ] Bug #1305806 - CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities triggered by crafted fonts [fedora-all]
  [ 2 ] Bug #1308591 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup [fedora-all]
  [ 3 ] Bug #1305814 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all]
  [ 4 ] Bug #1305811 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities [fedora-all]

This update can be installed with the "yum" update program. Use
su -c 'yum update graphite2' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list