harfbuzz 2.6.4-1ubuntu4.3 source package in Ubuntu
Changelog
harfbuzz (2.6.4-1ubuntu4.3) focal-security; urgency=medium
* SECURITY UPDATE: resource consumption via consecutive marks
- debian/patches/CVE-2023-25193-pre1.patch: refactor
skippy_iter.match() in src/hb-ot-layout-gsubgpos.hh.
- debian/patches/CVE-2023-25193-1.patch: avoid O(n^2) behavior in
mark-attachment in src/hb-ot-layout-gsubgpos.hh,
src/hb-ot-layout-gpos-table.hh.
- debian/patches/CVE-2023-25193-2.patch: optimize
_infos_set_glyph_flags to avoid O(n^2) behavior in src/hb-buffer.hh.
- debian/patches/CVE-2023-25193-3.patch: fix up previous commit in
src/hb-buffer.hh.
- debian/patches/CVE-2023-25193-4.patch: fix assert fail introduced
recently in src/hb-ot-layout-gpos-table.hh.
- CVE-2023-25193
-- Marc Deslauriers <email address hidden> Thu, 30 Jan 2025 15:12:30 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | main | misc | |
| Focal | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| harfbuzz_2.6.4.orig.tar.xz | 5.7 MiB | 9413b8d96132d699687ef914ebb8c50440efc87b3f775d25856d7ec347c03c12 |
| harfbuzz_2.6.4-1ubuntu4.3.debian.tar.xz | 14.9 KiB | 0d52d6691eb48b26185d25c057c88c6dbf10ca86ea70d86fb6137fe38a6da794 |
| harfbuzz_2.6.4-1ubuntu4.3.dsc | 2.8 KiB | 7fc5f8d803f206e5fbefc839878c723f2e21fd11b62d214e766c3c3ecf1acf03 |
Available diffs
Binary packages built by this source
- gir1.2-harfbuzz-0.0: OpenType text shaping engine (GObject introspection data)
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains introspection data for the GObject bindings library.
- libharfbuzz-bin: OpenType text shaping engine (utility)
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains a command line interface for the HarfBuzz library.
- libharfbuzz-bin-dbgsym: debug symbols for libharfbuzz-bin
- libharfbuzz-dev: Development files for OpenType text shaping engine
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains the header files and static libraries for the
HarfBuzz library.
- libharfbuzz-doc: Documentation files for the HarfBuzz library
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains the HTML documentation for the HarfBuzz library.
- libharfbuzz-gobject0: OpenType text shaping engine ICU backend (GObject library)
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains the GObject library, providing wrapper GObject type
bindings for all HarfBuzz objects and enums.
- libharfbuzz-gobject0-dbgsym: debug symbols for libharfbuzz-gobject0
- libharfbuzz-icu0: OpenType text shaping engine ICU backend
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains the ICU backend.
- libharfbuzz-icu0-dbgsym: debug symbols for libharfbuzz-icu0
- libharfbuzz0-udeb: OpenType text shaping engine
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
- libharfbuzz0b: OpenType text shaping engine (shared library)
HarfBuzz is an implementation of the OpenType Layout engine (aka layout
engine) and the script-specific logic (aka shaping engine).
.
This package contains the shared libraries.
- libharfbuzz0b-dbgsym: debug symbols for libharfbuzz0b
