| Summary: | app-text/texlive-2007-r3 depends on =media-libs/freetype-1* which has security vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Qian Qiao <qian.qiao> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | levertond |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Qian Qiao
2008-08-05 11:26:55 UTC
It's not quite redundant, there a certain tool, that has never been ported to freetype 2. It's ttf2tfm. (In reply to comment #1) > It's not quite redundant, > there a certain tool, that has never been ported to > freetype 2. > It's ttf2tfm. > It doesn't look like the author is having much time to port it to freetype 2[1]. So it looks like unless the fix for glsa-200806-10[2] is ported to freetype 1, we are pretty stuck. 1. http://groups.google.com/group/comp.text.tex/browse_thread/thread/3b41b0176fe8de6b/39fa200217617ac1 2. http://www.gentoo.org/security/en/glsa/glsa-200806-10.xml (In reply to comment #2) > So it looks like unless the fix for glsa-200806-10[2] is ported to freetype 1, > we are pretty stuck. The ChangeLog entry for freetype-1.4_pre20080316-r1 claims that it fixes the 3 CVEs referenced by that GLSA. If you think it doesn't, I'm sure the fonts team would like to know, otherwise the GLSA should be updated to mark that version as unaffected. Please refer to the last few comments in the bug I reference. AFAIK this is a known issue. *** This bug has been marked as a duplicate of bug 225851 *** |
