- From: Kenji Baheux <kenjibaheux@chromium.org>
- Date: Mon, 23 Jun 2014 13:11:00 +0900
- To: public-webfonts-wg@w3.org
Received on Monday, 23 June 2014 04:11:49 UTC
Hi webfonts-wg members,

I heard from David Kuettel that there was some interest in our security findings for the WOFF 2.0 reference implementation.

*So, here is a short summary:*

Chromium infrastructure is running a clusterfuzz <http://www.chromium.org/Home/chromium-security/bugs/using-clusterfuzz> fuzzer for WOFF 2.0. The basic concept of a fuzzer is that it tries to abuse a piece of code by throwing various inputs at it (e.g. mutations of valid/invalid inputs).

A while ago, it found 2 classes of issues that were quickly fixed. So far, it hasn't found anything new.

Given that these fixes have already made it to all of our users, the 2 security bugs have been made public. If you want to learn more, please head over to these links:

- https://code.google.com/p/chromium/issues/detail?id=329547
- https://code.google.com/p/chromium/issues/detail?id=329258

Best regards,