Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2008-1808 FreeType off-by-one flaws
Alias: CVE-2008-1808
https://bugzilla.redhat.com/show_bug.cgi?id=450774

------- Additional Comments From [EMAIL PROTECTED] 2008-06-18 04:11 EST -------
(In reply to comment #13)
> In reply to https://bugzilla.redhat.com/show_bug.cgi?id=450773#c12 :
>
> maxTwilightPoints check does not seem directly related and was probably
> added as additional sanity check.
>
> As the .pfb is not supported by freetype1 we should ideally try to avoid
> mentioning CVE-2008-1806 and CVE-2008-1807 in the freetype1 RPM changelog.
>

It's a little too late for that, as a freetype1 with those in the ChangeLog is already in rawhide. I did add "(where applicable)" to the changelog to indicate not all of the mentioned issues were relevant for freetype1.

> As for bodhi update request, we do not need to submit updated freetype1
> packages as security update, as (binary) Fedora packages were not affected
> by this problem.

Ok.

> But I'm ok with pushing it as security update anyway, provided that we
> clearly mention in the notes that only users rebuilding freetype1 with bci
> were affected by the problem. Update request should only refer to this bug,
> not to the bugs for other CVEs.

I don't believe anyone is offering rebuilt freetype1 packages with BCI enabled, so I considered this issue closed then. If you want I can still do an update, esp. since the new freetype1 is already built in bodhi for F-8 and F-9.
