https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Tomas Hoger <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |high Status|NEW |CLOSED Fixed In Version| |freetype 2.5.4 Resolution|--- |NOTABUG Whiteboard|impact=moderate,public=2014 |impact=important,public=201 |1124,reported=20150210,sour |41124,reported=20150210,sou |ce=cve,cvss2=3.7/AV:L/AC:H/ |rce=cve,cvss2=6.8/AV:N/AC:M |Au:N/C:P/I:P/A:P,fedora-all |/Au:N/C:P/I:P/A:P,rhel-4/fr |/freetype=affected,rhel-5/f |eetype=notaffected,rhel-5/f |reetype=new,rhel-6/freetype |reetype=notaffected,rhel-6/ |=new,rhel-7/freetype=new |freetype=notaffected,rhel-7 | |/freetype=notaffected,rhev- | |m-3/mingw-virt-viewer=notaf | |fected,fedora-all/freetype= | |affected,fedora-all/mingw-f | |reetype=affected,epel-7/min | |gw-freetype=affected Severity|medium |high Last Closed| |2015-02-19 17:04:40 --- Comment #3 from Tomas Hoger <[email protected]> --- Upstream bug is: https://savannah.nongnu.org/bugs/?43661 Issue was fixed upstream in 2.5.4. Report indicates this is issue is an incomplete fix / variant of the CVE-2014-2240 issue (bug 1074646). It affect code which was introduced in upstream version 2.4.12, and enabled by default in 2.5. The affected code is not in freetype packages in Red Hat Enterprise Linux 7 and earlier. Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fxqvwlT1s1&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/fonts-bugs http://fonts.fedoraproject.org/
