RedHat recently released updates to Freetype 1 for old issues that we had believed did not affect Freetype 1:
https://rhn.redhat.com/errata/RHSA-2009-1062.html

These are:
CVE-2006-1861 = GLSA 200607-02 = bug 124828
CVE-2007-2754 = GLSA 200705-22 = bug 179161
Created attachment 192438: freetype-1.4_pre20080316-CVE-2006-1861.patch
Created attachment 192440: freetype-1.4_pre20080316-CVE-2007-2754.patch
+*freetype-1.4_pre20080316-r2 (25 May 2009) + + 25 May 2009; Peter Alfredsen <loki_val@gentoo.org> + +freetype-1.4_pre20080316-r2.ebuild, + +files/freetype-1.4_pre20080316-CVE-2006-1861.patch, + +files/freetype-1.4_pre20080316-CVE-2007-2754.patch: + Bump with patches for CVE 2007-2754 and CVE 2006-1861. Bug 271234. +
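Review bot: the ChangeLog message writes the identifiers as "CVE 2007-2754" and "CVE 2006-1861", while the patch file names listed in the same entry use the hyphenated form (CVE-2006-1861, CVE-2007-2754). Using the hyphenated form in the message as well would let a search for the CVE id match both the message and the file names.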
Arches, please test and mark stable:
=media-libs/freetype-1.4_pre20080316-r2
Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86 stable
ppc64 done
ppc done
alpha/arm/ia64/m68k/s390/sh/sparc stable
amd64 stable
All arches done, GLSA request filed.
GLSA 201006-01