From Secunia security advisory at $URL: Description: The vulnerabilities are caused due to errors in src/cid/cidload.c when parsing CID-keyed Type 1 fonts. This can be exploited to corrupt memory via a specially crafted font file. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 2.4.8. Solution: Update to version 2.4.8.
CVE-2011-3439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439): FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Bumped.
Thanks Ryan. Arches, please test and mark stable: =media-libs/freetype-2.4.8 Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
amd64 ok
Stable for HPPA.
amd64 done. Thanks Agostino
x86 stable
arm stable
alpha/ia64/m68k/s390/sh/sparc stable
ppc/ppc64 done
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml by GLSA coordinator Sean Amoss (ackle).
*** Bug 400883 has been marked as a duplicate of this bug. ***
@fonts, @tex. Bug 400883 was opened because a GLSA [1] indicates that freetype 1 is affected by these vulnerabilities. If not these vulnerabilities, it is most likely affected by /some/ vulnerabilities. What options do we have for freetype:1 given its lack of upstream support [2] and the small number of packages that require it? I believe only games-action/heavygear2 and app-text/texlive depend on freetype:1. Or do we do nothing, leave freetype:1 and texlive as is and reported as vulnerable by glsa-check? Thanks much. [1] http://www.gentoo.org/security/en/glsa/glsa-201201-09.xml [2] http://www.freetype.org/freetype1/index.html
First determine that freetype:1 is actually vulnerable.
I don't think this version supported CID-keyed fonts. The only mention of them I can find is in a comment.
(In reply to comment #15) > First determine that freetype:1 is actually vulnerable. It may or may not be vulnerable to this issue, but is likely vulnerable to at least one of the 2.x vulnerabilities that have been disclosed since support for freetype:1 stopped. Is moving away from freetype:1 an option, or do we need to look at all the recent freetype:2 vulnerabilities to see which apply?