~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2016-03-08
Candidate: CVE-2016-1977
PublicDate: 2016-03-13
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
 https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
 https://bugzilla.mozilla.org/show_bug.cgi?id=1248876
 http://www.ubuntu.com/usn/usn-2917-1
 http://www.ubuntu.com/usn/usn-2927-1
 http://www.ubuntu.com/usn/usn-2934-1
Description:
 The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before
 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before
 38.7, allows remote attackers to execute arbitrary code or cause a denial
 of service (stack memory corruption) via a crafted Graphite smart font.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson

Patches_firefox:
upstream_firefox: released (45.0)
precise_firefox: released (45.0+build2-0ubuntu0.12.04.1)
precise/esm_firefox: DNE (precise was released [45.0+build2-0ubuntu0.12.04.1])
trusty_firefox: released (45.0+build2-0ubuntu0.14.04.1)
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
wily_firefox: released (45.0+build2-0ubuntu0.15.10.1)
xenial_firefox: not-affected (45.0+build2-0ubuntu1)
yakkety_firefox: not-affected (45.0+build2-0ubuntu1)
zesty_firefox: not-affected (45.0+build2-0ubuntu1)
devel_firefox: not-affected (45.0+build2-0ubuntu1)

Patches_thunderbird:
upstream_thunderbird: released (38.7)
precise_thunderbird: released (1:38.7.2+build1-0ubuntu0.12.04.1)
precise/esm_thunderbird: DNE (precise was released [1:38.7.2+build1-0ubuntu0.12.04.1])
trusty_thunderbird: released (1:38.7.2+build1-0ubuntu0.14.04.1)
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
wily_thunderbird: released (1:38.7.2+build1-0ubuntu0.15.10.1)
xenial_thunderbird: released (1:38.7.2+build1-0ubuntu0.16.04.1)
yakkety_thunderbird: released (1:38.8.0+build1-0ubuntu1)
zesty_thunderbird: released (1:38.8.0+build1-0ubuntu1)
devel_thunderbird: released (1:38.8.0+build1-0ubuntu1)

Patches_graphite2:
upstream_graphite2: released (1.3.6-1)
precise_graphite2: ignored (reached end-of-life)
precise/esm_graphite2: DNE (precise was needed)
trusty_graphite2: released (1.3.6-1ubuntu0.14.04.1)
vivid/stable-phone-overlay_graphite2: ignored (reached end-of-life)
vivid/ubuntu-core_graphite2: DNE
wily_graphite2: released (1.3.6-1ubuntu0.15.10.1)
xenial_graphite2: released (1.3.6-1ubuntu1)
yakkety_graphite2: released (1.3.6-1ubuntu1)
zesty_graphite2: released (1.3.6-1ubuntu1)
devel_graphite2: released (1.3.6-1ubuntu1)