#3183: Freetype-2.4.3
----------------------------------------+-----------------------------------
Reporter: ra...@… | Owner: ra...@…
Type: task | Status: assigned
Priority: normal | Milestone: 6.7
Component: BOOK | Version: SVN
Severity: normal | Keywords:
----------------------------------------+-----------------------------------
Comment(by k...@…):
There are two freetype vulnerabilities which I had missed. One is
supposedly CVE-2010-3855, the other doesn't yet have a CVE.
For CVE-2010-3855 - summary details at e.g.
http://security-tracker.debian.org/tracker/CVE-2010-3855 (or lwn.net if
you are subscribed there) see
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/patch/id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a
-
{{{
+ Fix Savannah bug #31310.
+
+ * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect
against
+ invalid `runcnt' values.
+
}}}
That one seems to go way back, and distros have backported it.
For the second (probably 2.4.3 only) see
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/patch/?id=ac09390afcfaf2c63b75ffee5c0759e29359f9ac
-
{{{
+2010-11-04 suzuki toshiya <[email protected]>
+
+ [UVS] Fix find_variant_selector_charmap(), Savannah bug #31545.
+
+ Since 2010-07-04, find_variant_selector_charmap() returns
+ the first cmap subtable always under rogue-compatible
+ configuration, it causes NULL pointer dereference and
+ make UVS-related functions crashed.
+
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3183#comment:5>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch