Summary: | <media-gfx/fontforge-20200314: Multiple vulnerabilities (CVE-2019-15785, CVE-2020-5496) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | floppym, fonts
Priority: | Normal | Flags: | nattka: sanity-check+
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://github.com/fontforge/fontforge/issues/4085 | |
Whiteboard: | B2 [glsa+ cve] | |
Package list: | media-gfx/fontforge-20200314<br>media-libs/woff2-1.0.2-r1 hppa ppc sparc | |
Runtime testing required: | --- | |
Bug Depends on: | 719058 | |
Bug Blocks: | | |
Description

GLSAMaker/CVETool Bot
2020-04-01 20:36:27 UTC

Added to an existing GLSA.

I suppose this is fixed in fontforge-20200314.

(In reply to Mike Gilbert from comment #2)
> I suppose this is fixed in fontforge-20200314.

Looks like it: https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410

Ok, I would like to give this version around a week in ~arch before stabilizing it. Let's revisit this on Sunday, April 5.

CVE-2019-15785 (https://nvd.nist.gov/vuln/detail/CVE-2019-15785): FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.

(In reply to Mike Gilbert from comment #4)
> Ok, I would like to give this version around a week in ~arch before
> stabilizing it. Let's revisit this on Sunday, April 5.

Whoops. Forgot about this. How're we looking?

Sanity check failed:
> media-gfx/fontforge-20200314
> bdepend ppc stable profile default/linux/powerpc/ppc32/17.0 (10 total)
> media-libs/woff2:0=
> depend ppc stable profile default/linux/powerpc/ppc32/17.0 (10 total)
> media-libs/woff2:0=
> rdepend ppc stable profile default/linux/powerpc/ppc32/17.0 (10 total)
> media-libs/woff2:0=
All sanity-check issues have been resolved

arm stable

x86 stable

amd64 stable

ppc stable

Sanity check failed:
> media-gfx/fontforge-20200314
> bdepend sparc stable profile default/linux/sparc/17.0 (8 total)
> media-libs/woff2:0=
> depend sparc stable profile default/linux/sparc/17.0 (8 total)
> media-libs/woff2:0=
> rdepend sparc stable profile default/linux/sparc/17.0 (8 total)
> media-libs/woff2:0=
All sanity-check issues have been resolved

sparc stable

Sanity check failed:
> media-gfx/fontforge-20200314
> bdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> media-libs/woff2:0=
> depend hppa stable profile default/linux/hppa/17.0 (3 total)
> media-libs/woff2:0=
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
> media-libs/woff2:0=
All sanity-check issues have been resolved

hppa stable

arm64 stable

ppc64 stable

This issue was resolved and addressed in GLSA 202004-14 at https://security.gentoo.org/glsa/202004-14 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architecture.

s390 stable.

Maintainer(s), please cleanup.

All done.