Re: [OE-core] FreeType CVE-2020-15999

2020-11-11 Thread Diego Santa Cruz via lists.openembedded.org
> -Original Message-
> From: Ross Burton
> Sent: 11 November 2020 11:46
> To: Diego Santa Cruz
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] FreeType CVE-2020-15999
>
> On Wed, 11 Nov 2020 at 08:06, Diego Santa Cruz via
> list

Re: [OE-core] FreeType CVE-2020-15999

2020-11-11 Thread Diego Santa Cruz via lists.openembedded.org
> -Original Message-
> From: mikko.rap...@bmw.de
> Sent: 11 November 2020 10:06
> To: Diego Santa Cruz
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] FreeType CVE-2020-15999
>
> Hi,
>
> On Wed, Nov 11, 2020 at 08:06:44

Re: [OE-core] FreeType CVE-2020-15999

2020-11-11 Thread Ross Burton
On Wed, 11 Nov 2020 at 08:06, Diego Santa Cruz via lists.openembedded.org wrote:
> Also, how should one report problems in the NVD database?

Email cpe_dictionary and explain the situation, matching the CPE vendor/product to existing freetype CVEs and including the version information.

Ross

Re: [OE-core] FreeType CVE-2020-15999

2020-11-11 Thread Mikko Rapeli
Hi,

On Wed, Nov 11, 2020 at 08:06:44AM +, Diego Santa Cruz via lists.openembedded.org wrote:
> Hi all,
>
> It was brought to my attention that FreeType < 2.10.4 is affected by a buffer
> overflow with PNG bitmaps as per
> https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/,

[OE-core] FreeType CVE-2020-15999

2020-11-11 Thread Diego Santa Cruz via lists.openembedded.org
Hi all,

It was brought to my attention that FreeType < 2.10.4 is affected by a buffer overflow with PNG bitmaps as per https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

This does not appear in the CVE metrics which