| Summary: | texlive-2007-r3 depends on freetype-1*, no secure freetype-1* available | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Florian Friesdorf <flo> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | critical | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
*** This bug has been marked as a duplicate of bug 225851 *** |
texlive-2007-r3 depends on freetype-1, but there is a glsa for the most recent freetype-1*. $ paludis --query -D texlive |grep freetype =media-libs/freetype-1* $ paludis -r * media-libs/freetype-1.4_pre20080316-r1::installed NOT OK This package has following security issues: GLSA-200806-10: "FreeType: User-assisted execution of arbitrary code" -> /var/paludis/repositories/gentoo/metadata/glsa/glsa-200806-10.xml Raised severity as it seems that it is not possible to use texlive without the insecure freetype. Reproducible: Always Steps to Reproduce: