Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
This is an important security update, so I'm asking for stabilization on all archs ASAP.
http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
https://rhn.redhat.com/errata/RHSA-2011-1085.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226
Could it be that somebody removed the stable version 2.4.4 and then the portage tree was pushed out before version 2.4.6 was stabilized?
Should be assigned to security. amd64 ok.
Oops.
Stabilise what? Normally you'd go:
Arch teams, please test and mark stable:
=media-libs/freetype-2.4.6
Target KEYWORDS="alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Should bug 377255 (due to this bug, basically a version bump straight to stable) also be handled here?
amd64 ok.
Stable for HPPA.
Archtested on x86: Everything fine
amd64 done. Thanks Ian and Agostino
(In reply to comment #8)
> Archtested on x86: Everything fine
+1
x86 stable. Thanks Myckel & JB
ppc/ppc64 stable
arm stable
alpha/ia64/m68k/s390/sh/sparc stable
Thanks, everyone. Added to existing GLSA request.
CVE-2011-0226 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226): Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
This issue was resolved and addressed in GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml by GLSA coordinator Sean Amoss (ackle).