It is worth remembering that the described tampered web font scenario
doesn't normally apply to XeTeX use scenarios.
Den 19 feb 2016 06:26 skrev "maxwell" :
> There is a vulnerability in the Graphite library:
>
> http://news.softpedia.com/news/vulnerability-in-font-processing-library-affects-linux
Will the next TeX Live distro's version of xetex use >= v.1.3.5?
Yes, TeX Live 2016 will use Graphite2-version >= 1.3.5.
Best,
Akira
--
Subscriptions, Archive, and List information, etc.:
http://tug.org/mailman/listinfo/xetex
There is a vulnerability in the Graphite library:
http://news.softpedia.com/news/vulnerability-in-font-processing-library-affects-linux-openoffice-firefox-500027.shtml
Reportedly the problems have been patched in version 1.3.5 of Graphite2.
But the version of xetex I'm using (3.14159265-2.6-0.99
