PublicDateAtUSN: 2016-03-08
Candidate: CVE-2016-2790

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
https://bugzilla.mozilla.org/show_bug.cgi?id=1243464
https://usn.ubuntu.com/usn/usn-2917-1
https://usn.ubuntu.com/usn/usn-2927-1
https://usn.ubuntu.com/usn/usn-2934-1

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6,
as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,
does not initialize memory for an unspecified data structure, which allows
remote attackers to cause a denial of service or possibly have unknown
other impact via a crafted Graphite smart font.
Assigned-to: chrisccoulson

upstream_firefox: released (45.0)
precise_firefox: released (45.0+build2-0ubuntu0.12.04.1)
precise/esm_firefox: DNE (precise was released [45.0+build2-0ubuntu0.12.04.1])
trusty_firefox: released (45.0+build2-0ubuntu0.14.04.1)
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
wily_firefox: released (45.0+build2-0ubuntu0.15.10.1)
xenial_firefox: not-affected (45.0+build2-0ubuntu1)
yakkety_firefox: not-affected (45.0+build2-0ubuntu1)
zesty_firefox: not-affected (45.0+build2-0ubuntu1)
devel_firefox: not-affected (45.0+build2-0ubuntu1)
upstream_thunderbird: released (38.7)
precise_thunderbird: released (1:38.7.2+build1-0ubuntu0.12.04.1)
precise/esm_thunderbird: DNE (precise was released [1:38.7.2+build1-0ubuntu0.12.04.1])
trusty_thunderbird: released (1:38.7.2+build1-0ubuntu0.14.04.1)
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
wily_thunderbird: released (1:38.7.2+build1-0ubuntu0.15.10.1)
xenial_thunderbird: released (1:38.7.2+build1-0ubuntu0.16.04.1)
yakkety_thunderbird: released (1:38.8.0+build1-0ubuntu1)
zesty_thunderbird: released (1:38.8.0+build1-0ubuntu1)
devel_thunderbird: released (1:38.8.0+build1-0ubuntu1)
upstream_graphite2: released (1.3.6-1)
precise_graphite2: ignored (reached end-of-life)
precise/esm_graphite2: DNE (precise was needed)
trusty_graphite2: released (1.3.6-1ubuntu0.14.04.1)
vivid/stable-phone-overlay_graphite2: ignored (reached end-of-life)
vivid/ubuntu-core_graphite2: DNE
wily_graphite2: released (1.3.6-1ubuntu0.15.10.1)
xenial_graphite2: released (1.3.6-1ubuntu1)
yakkety_graphite2: released (1.3.6-1ubuntu1)
zesty_graphite2: released (1.3.6-1ubuntu1)
devel_graphite2: released (1.3.6-1ubuntu1)