Summary: | <media-libs/freetype-2.9.1: crash with certain malformed variation fonts (CVE-2018-6942) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | alarig, fonts, polynomial-c |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736 | ||
See Also: | https://github.com/gentoo/gentoo/pull/8627 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=media-libs/freetype-2.9.1-r3
|
Runtime testing required: | --- |
Bug Depends on: | 655052, 655650 | ||
Bug Blocks: |
Description
Lars Wendler (Polynomial-C) (RETIRED)
![]() arm64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c31b429a5b8af9994964416b64afc40935d06cd commit 1c31b429a5b8af9994964416b64afc40935d06cd Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-11 19:11:07 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-11 19:11:07 +0000 media-libs/freetype: stable 2.9.1-r1 for ia64, bug #654696 Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.36, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71448ce899880e28310d5766a9493f654559b0ba commit 71448ce899880e28310d5766a9493f654559b0ba Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-11 18:19:43 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-11 19:20:56 +0000 media-libs/freetype: stable 2.9.1-r1 for sparc Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) amd64 stable x86 stable Stable on alpha. commit 8a3acbd604bf81b28d09daa20cde83c5fe7e0826 Author: Jeroen Roovers <jer@gentoo.org> Date: Fri May 18 09:59:12 2018 +0200 media-libs/freetype: Stable for HPPA too. ppc64 stable ppc stable arm stable @maintainer, please clean vulnerable (In reply to Aaron Bauman from comment #11) > @maintainer, please clean vulnerable No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid freetype dependency restriction (or =2017-r4 gets stabilized). @maintainers, please clean vulnerable. (In reply to Lars Wendler (Polynomial-C) from comment #12) > (In reply to Aaron Bauman from comment #11) > > @maintainer, please clean vulnerable > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > freetype dependency restriction (or =2017-r4 gets stabilized). @Lars, 2017-r4 is stable. (In reply to Aaron Bauman from comment #14) > (In reply to Lars Wendler (Polynomial-C) from comment #12) > > (In reply to Aaron Bauman from comment #11) > > > @maintainer, please clean vulnerable > > > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > > freetype dependency restriction (or =2017-r4 gets stabilized). > > @Lars, 2017-r4 is stable. Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases would break the tree. (In reply to Lars Wendler (Polynomial-C) from comment #15) > (In reply to Aaron Bauman from comment #14) > > (In reply to Lars Wendler (Polynomial-C) from comment #12) > > > (In reply to Aaron Bauman from comment #11) > > > > @maintainer, please clean vulnerable > > > > > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > > > freetype dependency restriction (or =2017-r4 gets stabilized). > > > > @Lars, 2017-r4 is stable. > > Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on > <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases > would break the tree. It is gone now. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=841a4344507aaac22d7fe28d4b160c719c51e31f commit 841a4344507aaac22d7fe28d4b160c719c51e31f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-12-05 14:13:39 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-12-05 14:13:39 +0000 media-libs/freetype: Security cleanup Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/freetype/Manifest | 6 -- media-libs/freetype/freetype-2.8.ebuild | 179 -------------------------------- media-libs/freetype/freetype-2.9.ebuild | 178 ------------------------------- 3 files changed, 363 deletions(-) (In reply to Larry the Git Cow from comment #17) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=841a4344507aaac22d7fe28d4b160c719c51e31f > > commit 841a4344507aaac22d7fe28d4b160c719c51e31f > Author: Lars Wendler <polynomial-c@gentoo.org> > AuthorDate: 2018-12-05 14:13:39 +0000 > Commit: Lars Wendler <polynomial-c@gentoo.org> > CommitDate: 2018-12-05 14:13:39 +0000 > > media-libs/freetype: Security cleanup > > Bug: https://bugs.gentoo.org/654696 > Package-Manager: Portage-2.3.52, Repoman-2.3.12 > Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> > > media-libs/freetype/Manifest | 6 -- > media-libs/freetype/freetype-2.8.ebuild | 179 > -------------------------------- > media-libs/freetype/freetype-2.9.ebuild | 178 > ------------------------------- > 3 files changed, 363 deletions(-) Thanks, Lars! |