"I've just fixed a heap buffer overflow that can happen for some malformed `.ttf` files with PNG sbit glyphs. It seems that this vulnerability is already being actively used in the wild, so I ask all users to apply the corresponding commit as soon as possible. Tomorrow I will do a 2.10.4 release."
http://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=220bae77e549123e9a257f40ba3db9e0f6ccabc0

commit 220bae77e549123e9a257f40ba3db9e0f6ccabc0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-10-20 01:36:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-20 01:37:17 +0000

    media-libs/freetype: security bump for CVE-2020-15999

    This vulnerability is being exploited in the wild; this fix is
    identical to that being used in Chromium as a band-aid for now
    (also in upstream git). See upstream bug for more information.

    Bug: https://bugs.gentoo.org/750275
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/freetype-2.10.3-CVE-2020-15999.patch | 51 +++++
 media-libs/freetype/freetype-2.10.3-r1.ebuild | 243 +++++++++++++++++++++
 2 files changed, 294 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93a975c694a048359086224a27dba08d4633d23

commit d93a975c694a048359086224a27dba08d4633d23
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-10-20 07:04:33 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-10-20 07:04:56 +0000

    media-libs/freetype: Security bump to version 2.10.4. Removed old

    Bug: https://bugs.gentoo.org/750275
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 media-libs/freetype/Manifest | 3 ++
 .../files/freetype-2.10.3-CVE-2020-15999.patch | 51 ----------------------
 ...ype-2.10.3-r1.ebuild => freetype-2.10.4.ebuild} | 1 -
 3 files changed, 3 insertions(+), 52 deletions(-)
amd64 done
arm64 done
arm done
sparc done
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bb23682332a5a110b4e867cff9c539a015ee5b3

commit 9bb23682332a5a110b4e867cff9c539a015ee5b3
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2020-10-20 09:25:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-20 09:25:42 +0000

    media-libs/freetype: stabilize 2.10.4 on x86

    Bug: https://bugs.gentoo.org/750275
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-libs/freetype/freetype-2.10.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 done.
ppc{,64} stable
This issue was resolved and addressed in GLSA 202010-07 at https://security.gentoo.org/glsa/202010-07 by GLSA coordinator Sam James (sam_c).
Reopening for remaining arches.
hppa stable
s390 stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=209ba4903e93f9e05e998511bd895e05b66282fa

commit 209ba4903e93f9e05e998511bd895e05b66282fa
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-11-18 07:36:00 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-11-18 07:36:00 +0000

    media-libs/freetype: Security cleanup

    Bug: https://bugs.gentoo.org/750275
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 media-libs/freetype/Manifest | 6 -
 .../files/freetype-2.4.11-sizeof-types.patch | 31 ---
 media-libs/freetype/freetype-2.10.2-r1.ebuild | 242 ---------------------
 media-libs/freetype/freetype-2.10.3.ebuild | 242 ---------------------
 4 files changed, 521 deletions(-)
Tree is clean, GLSA published, all done!