[XeTeX] Graphite vulnerability
Melroch
melroch at gmail.com
Fri Feb 19 16:33:08 CET 2016
It is worth remembering that the described tampered web font scenario
doesn't normally apply to XeTeX use scenarios.
Den 19 feb 2016 06:26 skrev "maxwell" <maxwell at umiacs.umd.edu>:
> There is a vulnerability in the Graphite library:
>
> http://news.softpedia.com/news/vulnerability-in-font-processing-library-affects-linux-openoffice-firefox-500027.shtml
> Reportedly the problems have been patched in version 1.3.5 of Graphite2.
> But the version of xetex I'm using (3.14159265-2.6-0.99992, from the TeX
> Live 2015 distro) says it uses Graphite2 v1.2.3. Will the next TeX Live
> distro's version of xetex use >= v.1.3.5?
> --
> Mike Maxwell
> maxwell at umiacs.umd.edu
> "I cannot believe that our existence in this universe
> is a mere quirk of fate, an accident of history, an
> incidental blip in the great cosmic drama. Our
> involvement is too intimate. The physical species
> Homo may count for nothing, but the existence of
> mind in some organism on some planet in the universe
> is surely a fact of fundamental significance. Through
> conscious beings the universe has generated
> self-awareness." --Paul Davies
>
>
> --------------------------------------------------
> Subscriptions, Archive, and List information, etc.:
> http://tug.org/mailman/listinfo/xetex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/xetex/attachments/20160219/25e1d7f4/attachment-0001.html>
More information about the XeTeX
mailing list