Summary: | <media-libs/freetype-2.8: multiple overflows | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | nobrowser, polynomial-c, yngwin |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve glsa] | ||
Package list: | =media-libs/freetype-2.8 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-04-27 14:33:19 UTC
CVE ID: CVE-2016-10328
Summary: FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Published: 2017-04-14T04:59:00.000Z
______________________________

CVE ID: CVE-2017-7857
Summary: FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Published: 2017-04-14T04:59:00.000Z
______________________________

CVE ID: CVE-2017-7858
Summary: FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Published: 2017-04-14T04:59:00.000Z
______________________________

CVE ID: CVE-2017-7864
Summary: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
Published: 2017-04-14T04:59:00.000Z

Other overflows were published:

https://bugzilla.redhat.com/show_bug.cgi?id=1446500
https://bugzilla.redhat.com/show_bug.cgi?id=1446073

CVE ID: CVE-2017-8105
Summary: FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
Published: 2017-04-24T18:59:00.000Z
______________________________

CVE ID: CVE-2017-8287
Summary: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Published: 2017-04-27T00:59:00.000Z

freetype-2.8 was released, which addresses the aforementioned CVEs [1].

[1]: https://www.mail-archive.com/freetype-announce@nongnu.org/msg00109.html

commit 2c4546adc0bcf78c07d372591cbf38fef22deee2
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat May 13 23:37:58 2017

media-libs/freetype: Security bump to version 2.8 (bug #616730).

Package-Manager: Portage-2.3.5, Repoman-2.3.2

This release also introduced a bunch of new features and some changes in the hinting engines so I'd like to wait one or two days (in case some new bugs get found) before I call for stabilization.

Arches please test and mark stable =media-libs/freetype-2.8 with target KEYWORDS:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt

amd64 stable

x86 stable

ppc64 stable

Stable for HPPA.

After updating from freetype-2.7.1-r2 to 2.8, I noticed 'Terminus' font was renamed and became 'xos4 Terminus', so font settings became inconsistent in some end-user GUI applications using this font: terminal emulators, gvim, gitk.

freetype-2.7.1-r2:
> $ fc-list | grep -i terminus
> /usr/share/fonts/terminus/ter-x18n.pcf.gz: Terminus:style=Regular
> ...
> /usr/share/fonts/terminus/ter-x12b.pcf.gz: Terminus:style=Bold
> ...

freetype-2.8:
> $ fc-list | grep -i terminus
> /usr/share/fonts/terminus/ter-x18n.pcf.gz: xos4 Terminus:style=Regular
> ...
> /usr/share/fonts/terminus/ter-x12b.pcf.gz: xos4 Terminus:style=Bold
> ...

Was it intended, or is it a bug?

(In reply to Andrew Petelin from comment #11)
> After updating from freetype-2.7.1-r2 to 2.8,

File a new bug report.

arm64 stable.

ppc stable.

(In reply to Jeroen Roovers from comment #12)
> File a new bug report.

https://bugs.gentoo.org/show_bug.cgi?id=618918

sparc stable

Stable on alpha.

arm stable

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 201706-14 at https://security.gentoo.org/glsa/201706-14 by GLSA coordinator Kristian Fiskerstrand (K_F).

ia64 stable

Any reason why older versions were not masked?