First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 172577
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 172577 depends on: Show dependency tree
Bug 172577 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-03-28 17:33 0000 
Freetype is also affected by IDEF739. See bug #172575.

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-03-28 17:36:12 0000 ------- 
Planned public release sometime next week but the patches are already available
in upstream CVS so release might be sooner.

CC'ing Chris to keep him up to speed.

Foser please advise.

------- Comment #2 From Chris Gianelloni (RETIRED) 2007-03-28 22:58:45 0000 ------- 
If the patches are already in upstream CVS, can we just pull them and
*silently* add them to the release snapshot?  Users will still be upgrading to
the latest version some time after install, but their initial install won't be
vulnerable to this, either.

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-03-29 14:16:37 0000 ------- 
Chris I would suppose so. Either way I think this will go full public before
2007.0 release date so just go ahead.

If you have a fixed ebuild before foser posts here, please attach it here.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-04-04 06:42:45 0000 ------- 
Adding Ryan as he seems to have made the last bumps.

------- Comment #5 From foser (RETIRED) 2007-04-04 14:24:14 0000 ------- 
Apologies for my afkish-ness . Just added freetype-2.1.10-r3 and
freetype-2.3.2-r3 with the fix for testing.

The one to push for stable is the 2.1 series . The patch applied to 2.1.10
without problems and I couldn't find any obvious differences in the patched
code that would make it unreliable, but a double check wouldn't hurt.

------- Comment #6 From Ryan Hill 2007-04-06 00:29:08 0000 ------- 
public: http://secunia.com/advisories/24768/
also bug #173438

------- Comment #7 From Ryan Hill 2007-04-06 21:32:32 0000 ------- 
*** Bug 173438 has been marked as a duplicate of this bug. ***

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-04-11 10:15:08 0000 ------- 
Thx foser/Ryan.

Opening since this is now public.

Arches please test and mark stable. Target keywords are:

freetype-2.1.10-r3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc
ppc64 s390 sh sparc x86 ~x86-fbsd"

------- Comment #9 From Raúl Porcel 2007-04-11 11:44:54 0000 ------- 
ia64 + x86 stable

------- Comment #10 From Peter Weller 2007-04-11 13:26:46 0000 ------- 
Stable on amd64

------- Comment #11 From Markus Rothe 2007-04-11 14:14:52 0000 ------- 
ppc64 stable

------- Comment #12 From Gustavo Zacarias (RETIRED) 2007-04-11 14:39:07 0000 ------- 
sparc stable.

------- Comment #13 From Tobias Scherbaum 2007-04-11 19:53:21 0000 ------- 
ppc stable

------- Comment #14 From Jeroen Roovers 2007-04-12 08:14:06 0000 ------- 
Stable for HPPA.

------- Comment #15 From Jose Luis Rivero (yoswink) 2007-04-12 08:56:08 0000 ------- 
alpha done

------- Comment #16 From Sune Kloppenborg Jeppesen 2007-04-12 09:19:51 0000 ------- 
This one is ready for GLSA.

------- Comment #17 From Raphael Marichez 2007-05-02 03:03:34 0000 ------- 
GLSA 200705-02, thanks everybody
First Last Prev Next    No search results available      Search page      Enter new bug