Summary: | <media-gfx/fontforge-20170731-r5: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | floppym, fonts |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/fontforge/fontforge/issues/4084 https://github.com/fontforge/fontforge/pull/4091 |
||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-01-27 21:05:40 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=915720ab664d4b51e54009945b179578618f5e83 commit 915720ab664d4b51e54009945b179578618f5e83 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2020-01-27 22:01:48 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-01-27 22:01:48 +0000 media-gfx/fontforge: backport fix for CVE-2020-5395 Bug: https://bugs.gentoo.org/706778 Package-Manager: Portage-2.3.85_p2, Repoman-2.3.20_p36 Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../{fontforge-20170731-r4.ebuild => fontforge-20170731-r5.ebuild} | 1 + .../{fontforge-20190317-r2.ebuild => fontforge-20190317-r3.ebuild} | 1 + 2 files changed, 2 insertions(+) Tree is clean. New GLSA request filed. This issue was resolved and addressed in GLSA 202004-14 at https://security.gentoo.org/glsa/202004-14 by GLSA coordinator Thomas Deutschmann (whissi). |