Summary: | <media-libs/freetype-2.5.3-r1 : CFF Fonts Stem Hints Processing Buffer Overflow Vulnerability (CVE-2014-2240) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexander, fonts, mgorny, multilib+disabled, nikoli, pacho, polynomial-c, yngwin |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/57291/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 492244, 501376, 501442, 504212, 504214, 504362, 504584, 504788, 504790, 504792, 504794, 504796, 504798, 504808, 504850, 514522 | ||
Bug Blocks: | 506190, 507148, 509584, 516456 |
Description
Agostino Sarubbo
2014-03-10 14:40:16 UTC
+*freetype-2.5.3 (10 Mar 2014)
+
+ 10 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
+freetype-2.5.3.ebuild:
+ Security bump (bug #504088).
+

We cannot simply stabilize this version as there's still tracker bug #493570 with a couple of unfixed packages...

(In reply to Lars Wendler (Polynomial-C) from comment #1)
> +*freetype-2.5.3 (10 Mar 2014)
> +
> + 10 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
> +freetype-2.5.3.ebuild:
> + Security bump (bug #504088).
> +
>
> We cannot simply stabilize this version as there's still tracker bug #493570
> with a couple of unfixed packages...

Only one remaining now. I'd like to move forward, and unmask/stablereq this tomorrow.

Arches, please mark stable latest freetype and its reverse deps (see bugs this depends on):

=media-libs/freetype-2.5.3-r1
=media-gfx/gimp-2.8.10-r1 #504212
=media-libs/sk1libs-0.9.1-r3 #504214
=media-gfx/inkscape-0.48.4-r1 #492244
>=media-video/vlc-2.1.2 #499806
=media-libs/libbluray-0.5.0 #504788
=media-video/transcode-1.1.7-r3 #504790
>=app-emulation/wine-1.7.8 #504792
=dev-util/cmake-2.8.12.1-r4 #504794
=dev-dotnet/libgdiplus-2.10.9-r1 #504796
=dev-lang/php-5.3.28-r3 #501376
=sys-devel/gcc-4.6.4 #504798
=media-video/libav-0.8.11 #504584

>=media-libs/freetype-2.5.3-r1 is still in profiles/package.mask.
(In reply to Jeroen Roovers from comment #4)
> >=media-libs/freetype-2.5.3-r1 is still in profiles/package.mask.

That was due to a multilib mess-up, which is now fixed. Please arches, go ahead.

Stable for HPPA.

*** Bug 507136 has been marked as a duplicate of this bug. ***

Stabilized these on alpha:

=media-libs/freetype-2.5.3-1
=sys-devel/gcc-4.6.4
=media-video/libav-0.8.11

Already stable on alpha:

=media-gfx/gimp-2.8.10-r1 504212
>=media-video/vlc-2.1.2
=media-video/transcode-1.1.7-r3
=dev-util/cmake-2.8.12.1-r4
=dev-lang/php-5.3.28-r3

These were never keyworded on alpha:

=media-libs/sk1libs-0.9.1-r3
=media-gfx/inkscape-0.48.4-r1
=media-libs/libbluray-0.5.0
>=app-emulation/wine-1.7.8
=dev-dotnet/libgdiplus-2.10.9-r1

I have allowed myself to change the topic to make the stablereq easier to find.

ia64 stable

For amd64 looks like we are blocked by bug 504796 (has arches CCed but giflib stabilization looks to be blocked). Also bug 504798 needs arches CCed

CVE-2014-2240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2240): Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.

arm/sparc stable

ppc64 stable

@maintainers, cleanup, please!

GLSA ready for release.

Maintainer timeout. Cleanup done.

This issue was resolved and addressed in GLSA 201408-02 at http://security.gentoo.org/glsa/glsa-201408-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).