Summary: | <media-libs/freetype-2.10.3-r1: Heap buffer overflow in malformed ttf files (CVE-2020-15999) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | fonts, polynomial-c |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.nongnu.org/archive/html/freetype-announce/2020-10/msg00001.html | ||
See Also: |
https://savannah.nongnu.org/bugs/?59308 https://bugs.gentoo.org/show_bug.cgi?id=747808 |
||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 750866 |
Description
Sam James
2020-10-20 01:16:38 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=220bae77e549123e9a257f40ba3db9e0f6ccabc0 commit 220bae77e549123e9a257f40ba3db9e0f6ccabc0 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-10-20 01:36:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-10-20 01:37:17 +0000 media-libs/freetype: security bump for CVE-2020-15999 This vulnerability is being exploited in the wild; this fix is identical to that being used in Chromium as a band-aid for now (also in upstream git). See upstream bug for more information. Bug: https://bugs.gentoo.org/750275 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Sam James <sam@gentoo.org> .../files/freetype-2.10.3-CVE-2020-15999.patch | 51 +++++ media-libs/freetype/freetype-2.10.3-r1.ebuild | 243 +++++++++++++++++++++ 2 files changed, 294 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93a975c694a048359086224a27dba08d4633d23 commit d93a975c694a048359086224a27dba08d4633d23 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-10-20 07:04:33 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-10-20 07:04:56 +0000 media-libs/freetype: Security bump to version 2.10.4. Removed old Bug: https://bugs.gentoo.org/750275 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/freetype/Manifest | 3 ++ .../files/freetype-2.10.3-CVE-2020-15999.patch | 51 ---------------------- ...ype-2.10.3-r1.ebuild => freetype-2.10.4.ebuild} | 1 - 3 files changed, 3 insertions(+), 52 deletions(-) amd64 done arm64 done arm done sparc done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bb23682332a5a110b4e867cff9c539a015ee5b3 commit 9bb23682332a5a110b4e867cff9c539a015ee5b3 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2020-10-20 09:25:42 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-10-20 09:25:42 +0000 media-libs/freetype: stabilize 2.10.4 on x86 Bug: https://bugs.gentoo.org/750275 Signed-off-by: Joonas Niilola <juippis@gentoo.org> media-libs/freetype/freetype-2.10.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) x86 done. ppc{,64} stable This issue was resolved and addressed in GLSA 202010-07 at https://security.gentoo.org/glsa/202010-07 by GLSA coordinator Sam James (sam_c). Reopening for remaining arches. hppa stable s390 stable. Maintainer(s), please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=209ba4903e93f9e05e998511bd895e05b66282fa commit 209ba4903e93f9e05e998511bd895e05b66282fa Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-11-18 07:36:00 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-11-18 07:36:00 +0000 media-libs/freetype: Security cleanup Bug: https://bugs.gentoo.org/750275 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/freetype/Manifest | 6 - .../files/freetype-2.4.11-sizeof-types.patch | 31 --- media-libs/freetype/freetype-2.10.2-r1.ebuild | 242 --------------------- media-libs/freetype/freetype-2.10.3.ebuild | 242 --------------------- 4 files changed, 521 deletions(-) Tree is clean, GLSA published, all done! |