On Fri, 06 Aug 2010 22:49:20 +0200 (CEST) Werner LEMBERG <[email protected]> wrote:
> >> out of curiosity, has Apple contacted the FreeType dev group
> >> concerning http://www.vupen.com/english/advisories/2010/2018
> >> ("FreeType Compact Font Format Two Buffer Overflow
> >> Vulnerabilities")?
>
> Yes. Fixed in 2.4.2.

Unfortunately, at least, Werner and I had not heard anything from Apple (there is a possibility that we had overlooked their contact in the spam messages). We had found the mention of the CFF driver vulnerability (used to crack iOS) on some web sites, and we had fixed it by ourselves. It seems that RedHat got the patch written by Apple engineers before our fix, so I guess it was just that Apple didn't find an appropriate contact among the FreeType2 developers.

BTW, VUPEN lists "two vulnerabilities", but FreeType2 mentions "a vulnerability". Somebody may be afraid that another vulnerability is left in genuine FreeType2. This is the difference in the modified part between Apple's patch and our patch. In Apple's patch, 2 stack checks are inserted into the 2 CFF operators that increase the stack. In our patch, a stack check is inserted after all CFF operations, like the existing stack check for CFF numerical objects.

Regards,
mpsuzuki
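The two guard placements the mail contrasts, as an added example in C that is neither FreeType's nor Apple's code: a toy charstring interpreter with a constructed operand-stack limit (STACK_MAX), a hypothetical operator set (OP_NUM, OP_DUP, OP_ADD, OP_END), a per-operator check on the one stack-growing operator, and the uniform check after every operator; run_numbers_then_op is an assumed helper that builds n numeric operands followed by one operator.

```c
/* Added example, not FreeType's own code: a toy charstring interpreter with the
 * uniform "check after every operator" stack guard the mail describes.
 * STACK_MAX, the operator set and the spare slot are constructed choices. */
#include <stddef.h>
#define STACK_MAX 48   /* operand-stack limit (constructed value) */
enum { OP_NUM, OP_DUP, OP_ADD, OP_END };
typedef struct { int op; int value; } tok_t;
/* One spare slot: no operator pushes more than one entry, so a push at the
 * limit lands here and the post-operator check rejects it before any write. */
typedef struct { int data[STACK_MAX + 1]; size_t top; } cstack_t;
/* Returns 0 on success, -1 on stack overflow, underflow or unknown operator. */
int run_charstring(const tok_t *toks, size_t n, cstack_t *st)
{
    st->top = 0;
    for (size_t i = 0; i < n; i++) {
        switch (toks[i].op) {
        case OP_NUM:   /* the existing check for numeric operands */
            if (st->top >= STACK_MAX) return -1;
            st->data[st->top++] = toks[i].value;
            break;
        case OP_DUP:   /* grows the stack: the kind of operator Apple guarded */
            if (st->top == 0) return -1;
            st->data[st->top] = st->data[st->top - 1];
            st->top++;
            break;
        case OP_ADD:   /* shrinks the stack: only underflow can occur */
            if (st->top < 2) return -1;
            st->data[st->top - 2] += st->data[st->top - 1];
            st->top--;
            break;
        case OP_END:
            return 0;
        default:
            return -1;
        }
        /* uniform guard after every operator, the FreeType 2.4.2 approach */
        if (st->top > STACK_MAX) return -1;
    }
    return 0;
}
/* Helper: n numeric operands (1..n) followed by one operator; returns the code. */
int run_numbers_then_op(int n, int last_op)
{
    tok_t toks[STACK_MAX + 2]; cstack_t st;
    if (n < 0 || n > STACK_MAX + 1) return -1;
    for (int i = 0; i < n; i++) { toks[i].op = OP_NUM; toks[i].value = i + 1; }
    toks[n].op = last_op; toks[n].value = 0;
    return run_charstring(toks, (size_t)n + 1, &st);
}
```

With the uniform guard, a full stack followed by the growing operator is rejected after that operator, whereas the Apple-style placement would reject it inside OP_DUP; both keep every write inside the array.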
