
Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Attached debdiff fixes a non-severe security issue in harfbuzz.
I've been using that for a few weeks on my jessie desktop.

Cheers,
        Moritz

diff -Nru harfbuzz-0.9.35/debian/changelog harfbuzz-0.9.35/debian/changelog
--- harfbuzz-0.9.35/debian/changelog	2014-10-30 13:58:05.000000000 +0100
+++ harfbuzz-0.9.35/debian/changelog	2016-05-30 23:50:45.000000000 +0200
@@ -1,3 +1,10 @@
+harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium
+
+  * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to address
+    CVE-2016-2052
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Mon, 30 May 2016 23:49:46 +0200
+
 harfbuzz (0.9.35-2) unstable; urgency=medium
 
   * debain/clean: Remove test/shaping/*.pyc during clean
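Review bot: The new entry for 0.9.35-2+deb8u1 cites only the upstream commit hash and CVE-2016-2052, and does not say what changes or which patch file carries it. Suggest naming debian/patches/CVE-2016-2052.patch and the change itself (MAX_NESTING_LEVEL lowered from 8 to 6), so that someone reading the changelog alone can tell what this stable update does.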
diff -Nru harfbuzz-0.9.35/debian/patches/CVE-2016-2052.patch harfbuzz-0.9.35/debian/patches/CVE-2016-2052.patch
--- harfbuzz-0.9.35/debian/patches/CVE-2016-2052.patch	1970-01-01 01:00:00.000000000 +0100
+++ harfbuzz-0.9.35/debian/patches/CVE-2016-2052.patch	2016-05-30 23:51:38.000000000 +0200
@@ -0,0 +1,14 @@
+* Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to address
+  CVE-2016-2052
+
+--- harfbuzz-0.9.35.orig/src/hb-ot-layout-common-private.hh
++++ harfbuzz-0.9.35/src/hb-ot-layout-common-private.hh
+@@ -38,7 +38,7 @@ namespace OT {
+ 
+ 
+ #define NOT_COVERED		((unsigned int) -1)
+-#define MAX_NESTING_LEVEL	8
++#define MAX_NESTING_LEVEL	6
+ #define MAX_CONTEXT_LENGTH	64
+ 
+ 
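Review bot: The header of the new CVE-2016-2052.patch is the changelog bullet pasted in, with no Description or Origin field, and the one-line change to MAX_NESTING_LEVEL carries no rationale for why 6 is the right bound. Suggest a DEP-3 style header that records the upstream commit as the origin and states in a sentence what the lower limit prevents. The request should also say whether any behaviour change is expected for input that nests to depth 7 or 8, which was within the old limit and is not within the new one.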
diff -Nru harfbuzz-0.9.35/debian/patches/series harfbuzz-0.9.35/debian/patches/series
--- harfbuzz-0.9.35/debian/patches/series	2014-10-30 13:58:05.000000000 +0100
+++ harfbuzz-0.9.35/debian/patches/series	2016-05-30 23:51:25.000000000 +0200
@@ -1 +1,2 @@
 unbreak_abi.diff
+CVE-2016-2052.patch

