Freetype (http://www.freetype.org/) 2.5.5 was released a little while ago, fixing some security vulnerabilities. Actually as I understand it, 2.5.4 fixed the vulns, then 2.5.5 fixed the fix.
OpenBSD 5.7 will ship with 2.5.5; 5.6 shipped with 2.5.3 and is therefore vulnerable. The changelog for 2.5.4: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/ references this bug: http://savannah.nongnu.org/bugs/?43661 However, it's not immediately clear from that bug what the fixes are. The diff between 2.5.3 and 2.5.5 is quite large: diff -ru freetype-2.5.3 freetype-2.5.5 | wc 62922 249726 2923547 That's much too large a patch for us to provide as an errata fix. There is some discussion of this issue in RedHat's bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1172633 Again, however, it's not immediately clear which patches are required for a complete, working fix or if this bug references all of them. Ubuntu's security advisory: http://www.ubuntu.com/usn/usn-2510-1/ references no fewer than 20 CVEs which would make me think we are searching for somewhere in the neighborhood of 20 patches. Unfortunately, the FreeType project does not appear to have made these patches available separately from the releases, which makes it difficult for us to apply backports to OpenBSD.
