[ubuntu/focal-security] harfbuzz 2.6.4-1ubuntu4.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Feb 3 13:02:34 UTC 2025
harfbuzz (2.6.4-1ubuntu4.3) focal-security; urgency=medium
* SECURITY UPDATE: resource consumption via consecutive marks
- debian/patches/CVE-2023-25193-pre1.patch: refactor
skippy_iter.match() in src/hb-ot-layout-gsubgpos.hh.
- debian/patches/CVE-2023-25193-1.patch: avoid O(n^2) behavior in
mark-attachment in src/hb-ot-layout-gsubgpos.hh,
src/hb-ot-layout-gpos-table.hh.
- debian/patches/CVE-2023-25193-2.patch: optimize
_infos_set_glyph_flags to avoid O(n^2) behavior in src/hb-buffer.hh.
- debian/patches/CVE-2023-25193-3.patch: fix up previous commit in
src/hb-buffer.hh.
- debian/patches/CVE-2023-25193-4.patch: fix assert fail introduced
recently in src/hb-ot-layout-gpos-table.hh.
- CVE-2023-25193
Date: 2025-01-31 12:27:43.026202+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/harfbuzz/2.6.4-1ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list