Bug#: 233962
Status: RESOLVED
Resolution: DUPLICATE of bug 225851
Assigned To: Gentoo Linux bug wranglers <bug-wranglers@gentoo.org>
Reporter: Qian Qiao <qian.qiao@gmail.com>

Description:   Opened: 2008-08-05 11:26 0000
app-text/texlive-2007-r3 depends on =media-libs/freetype-1* which has a
security vulnerability[1].

A quick look at all of texlive's dependencies seems to suggest that the dependency
on =freetype-1* is redundant.

1. http://www.gentoo.org/security/en/glsa/glsa-200806-10.xml

Reproducible: Always

Steps to Reproduce:

------- Comment #1 From Rafał Mużyło 2008-08-05 14:58:39 0000 -------
It's not quite redundant,
there's a certain tool that has never been ported to
freetype 2.
It's ttf2tfm.

------- Comment #2 From Qian Qiao 2008-08-05 15:35:03 0000 -------
(In reply to comment #1)
> It's not quite redundant,
> there's a certain tool that has never been ported to
> freetype 2.
> It's ttf2tfm.
> 

It doesn't look like the author has much time to port it to freetype
2[1].

So it looks like unless the fix for glsa-200806-10[2] is ported to freetype 1,
we are pretty stuck.

1. http://groups.google.com/group/comp.text.tex/browse_thread/thread/3b41b0176fe8de6b/39fa200217617ac1
2. http://www.gentoo.org/security/en/glsa/glsa-200806-10.xml

------- Comment #3 From David Leverton 2008-08-05 16:22:00 0000 -------
(In reply to comment #2)
> So it looks like unless the fix for glsa-200806-10[2] is ported to freetype 1,
> we are pretty stuck.

The ChangeLog entry for freetype-1.4_pre20080316-r1 claims that it fixes the 3
CVEs referenced by that GLSA.  If you think it doesn't, I'm sure the fonts team
would like to know, otherwise the GLSA should be updated to mark that version
as unaffected.

------- Comment #4 From Jeroen Roovers 2008-08-05 16:29:32 0000 -------
Please refer to the last few comments in the bug I reference. AFAIK this is a
known issue.

*** This bug has been marked as a duplicate of bug 225851 ***
