Re: freeworld packages: unacceptable delay of security updates

Sat, 21 Feb 2015 07:34:55 -0800 

Feb 21 14:07:10 Updated: freetype-freeworld-2.5.0.1-6.fc20.x86_64

running fine here, thanks

Am 20.02.2015 um 18:35 schrieb Reindl Harald:

what about maintainers of "freeworld" packages (in that case
freetype-freeworld) watching Fedora build of the package they override?
it's a joke that there is no update in "updates-testing" repos

users having the "freeworld" package installed don#t benefit in *any*
way from the Fedora security update because it never get loaded
________________________________________________

Feb 17 17:23:15 Updated: freetype-2.5.0-9.fc20.x86_64

* Di Feb 17 2015 Marek Kasik <[email protected]> - 2.5.0-9
- Fixes CVE-2014-9656
    - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
    - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
    - Use correct value for minimum table length test.
- Fixes CVE-2014-9675
    - New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
    - Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
    - Initialize `face->ttf_size'.
    - Always set `face->ttf_size' directly.
    - Exclusively use the `truetype' font driver for loading
      the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
    - Handle return values of point allocation routines.
- Fixes CVE-2014-9663
    - Fix order of validity tests.
- Fixes CVE-2014-9664
    - Add another boundary testing.
    - Fix boundary testing.
- Fixes CVE-2014-9666
    - Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
    - Protect against addition overflow.
- Fixes CVE-2014-9669
    - Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
    - Add sanity checks for row and column values.
- Fixes CVE-2014-9671
    - Check `size' and `offset' values.
- Fixes CVE-2014-9672
    - Prevent a buffer overrun caused by a font including too many (> 63)
      strings to store names[] table.
- Fixes CVE-2014-9673
    - Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
    - Fix integer overflow by a broken POST table in resource-fork.
    - Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to