I don't know the detail of this website (e.g. how to use it), but it seems that some CVE reports have the links to the existing fixes in GIT repository. I'm not sure whether this website wants to acknowledge how many bugs were found once (and don't care whether they are fixed or not in the latest release), or, how many bugs are open.
For example, http://www.cvedetails.com/cve/CVE-2014-9674/ is noted as "published 2015-02-08, last update date 2015-02-27". however, as the title of CVE says, it was reported in 2014, and a fix was committed to GIT repository on 2014 November, and official release freetype-2.5.4 & 2.5.5 include this fixes. I wonder what I can do. If you know, please let me know. Regards, mpsuzuki Vincent Torri wrote: > Hey > > I would like to know the status of the fixes for the CVE reported here : > > http://www.cvedetails.com/product/7835/Freetype-Freetype.html?vendor_id=4535 > > thank you > > Vincent Torri > > _______________________________________________ > Freetype mailing list > Freetype@nongnu.org > https://lists.nongnu.org/mailman/listinfo/freetype _______________________________________________ Freetype mailing list Freetype@nongnu.org https://lists.nongnu.org/mailman/listinfo/freetype