PublicDateAtUSN: 2016-01-25
Candidate: CVE-2016-2052
PublicDate: 2016-01-25 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052
 https://code.google.com/p/chromium/issues/detail?id=579625
 https://code.google.com/p/chromium/issues/detail?id=544270
 http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
 https://ubuntu.com/security/notices/USN-2877-1
 https://ubuntu.com/security/notices/USN-3067-1
Description:
 Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8947
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H [7.6 HIGH]

Patches_chromium-browser:
upstream_chromium-browser: released (48.0.2564.82)
precise_chromium-browser: ignored
precise/esm_chromium-browser: DNE (precise was ignored)
trusty_chromium-browser: released (48.0.2564.116-0ubuntu0.14.04.1.1111)
trusty/esm_chromium-browser: DNE (trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111])
vivid_chromium-browser: released (48.0.2564.82-0ubuntu0.15.04.1.1193)
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
wily_chromium-browser: released (48.0.2564.82-0ubuntu0.15.10.1.1219)
xenial_chromium-browser: released (48.0.2564.82-0ubuntu1.1222)
yakkety_chromium-browser: released (48.0.2564.82-0ubuntu1.1222)
zesty_chromium-browser: released (48.0.2564.82-0ubuntu1.1222)
devel_chromium-browser: released (48.0.2564.82-0ubuntu1.1222)

Patches_oxide-qt:
upstream_oxide-qt: released (1.12.5)
precise_oxide-qt: DNE
precise/esm_oxide-qt: DNE
trusty_oxide-qt: released (1.12.5-0ubuntu0.14.04.1)
trusty/esm_oxide-qt: DNE (trusty was released [1.12.5-0ubuntu0.14.04.1])
vivid_oxide-qt: released (1.12.5-0ubuntu0.15.04.1)
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: released (1.12.5-0ubuntu0.15.04.1~overlay1)
wily_oxide-qt: released (1.12.5-0ubuntu0.15.10.1)
xenial_oxide-qt: released (1.12.5-0ubuntu1)
esm-infra/xenial_oxide-qt: released (1.12.5-0ubuntu1)
yakkety_oxide-qt: released (1.12.5-0ubuntu1)
zesty_oxide-qt: released (1.12.5-0ubuntu1)
devel_oxide-qt: released (1.12.5-0ubuntu1)

Patches_harfbuzz:
 upstream: https://cgit.freedesktop.org/harfbuzz/commit/?id=63ef0b41dc48d6112d1918c1b1de9de8ea90adb5
Priority_harfbuzz: low
upstream_harfbuzz: released (1.0.6)
precise_harfbuzz: DNE
precise/esm_harfbuzz: DNE
trusty_harfbuzz: not-affected (code not present)
trusty/esm_harfbuzz: not-affected (code not present)
vivid_harfbuzz: ignored (reached end-of-life)
vivid/stable-phone-overlay_harfbuzz: ignored (reached end-of-life)
vivid/ubuntu-core_harfbuzz: DNE
wily_harfbuzz: ignored (reached end-of-life)
xenial_harfbuzz: released (1.0.1-1ubuntu0.1)
esm-infra/xenial_harfbuzz: released (1.0.1-1ubuntu0.1)
yakkety_harfbuzz: not-affected (1.2.7-1)
zesty_harfbuzz: not-affected (1.2.7-1)
devel_harfbuzz: not-affected (1.2.7-1)