[XeTeX] Graphite vulnerability

Melroch melroch at gmail.com
Fri Feb 19 16:33:08 CET 2016


It is worth remembering that the described tampered web font scenario
doesn't normally apply to XeTeX use scenarios.
Den 19 feb 2016 06:26 skrev "maxwell" <maxwell at umiacs.umd.edu>:

> There is a vulnerability in the Graphite library:
>
> http://news.softpedia.com/news/vulnerability-in-font-processing-library-affects-linux-openoffice-firefox-500027.shtml
> Reportedly the problems have been patched in version 1.3.5 of Graphite2.
> But the version of xetex I'm using (3.14159265-2.6-0.99992, from the TeX
> Live 2015 distro) says it uses Graphite2 v1.2.3.  Will the next TeX Live
> distro's version of xetex use >= v.1.3.5?
> --
>         Mike Maxwell
>         maxwell at umiacs.umd.edu
>         "I cannot believe that our existence in this universe
>         is a mere quirk of fate, an accident of history, an
>         incidental blip in the great cosmic drama. Our
>         involvement is too intimate. The physical species
>         Homo may count for nothing, but the existence of
>         mind in some organism on some planet in the universe
>         is surely a fact of fundamental significance. Through
>         conscious beings the universe has generated
>         self-awareness." --Paul Davies
>
>
> --------------------------------------------------
> Subscriptions, Archive, and List information, etc.:
>  http://tug.org/mailman/listinfo/xetex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/xetex/attachments/20160219/25e1d7f4/attachment-0001.html>


More information about the XeTeX mailing list