DirectFB was updated to fix two security issues.
The following vulnerabilities were fixed:
- CVE-2014-2977: Multiple integer signedness errors could allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via the Voodoo interface, which triggers a stack-based
buffer overflow.
- CVE-2014-2978: Remote attackers could cause a denial of service (crash)
and possibly execute arbitrary code via the Voodoo interface, which
triggers an out-of-bounds write.