Bug 387535 (CVE-2011-3256) - <media-libs/freetype-2.4.7: vulnerabilities in handling Type 1 fonts
Status: RESOLVED FIXED
Alias: CVE-2011-3256
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B2 [glsa]
Reported: 2011-10-18 12:53 UTC by Peter Volkov (RETIRED)
Modified: 2012-01-23 20:35 UTC
Description Peter Volkov (RETIRED) gentoo-dev 2011-10-18 12:53:54 UTC
<media-libs/freetype-2.4.7 has vulnerabilities in handling Type 1 fonts:

CHANGES BETWEEN 2.4.6 and 2.4.7

  I. IMPORTANT BUG FIXES

    - Some  vulnerabilities in handling Type 1 fonts  have been fixed;
      see CVE-2011-3256.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2011-10-18 12:55:47 UTC
New version is in tree. Arch teams, please stabilize.
Comment 2 Agostino Sarubbo gentoo-dev 2011-10-18 13:06:08 UTC
From various sources, I see it is all related to Apple iOS; are you sure that Linux is also affected?
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2011-10-18 13:14:28 UTC
I'm not sure, but I see no mention of iOS in the official ChangeLog, and thus I think it's better to be on the safe side.
Comment 4 Jeroen Roovers gentoo-dev 2011-10-18 17:12:22 UTC
There:

Arch teams, please test and mark stable:
=media-libs/freetype-2.4.7
Target KEYWORDS="alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Agostino Sarubbo gentoo-dev 2011-10-18 21:12:14 UTC
(In reply to comment #2)
> From various sources, I see it is all related to Apple iOS; are you sure that
> Linux is also affected?

Confirmed by upstream.

amd64 ok
Comment 6 Jeroen Roovers gentoo-dev 2011-10-19 09:14:25 UTC
Stable for HPPA.
Comment 7 Ian Delaney (RETIRED) gentoo-dev 2011-10-20 15:29:25 UTC
amd64 ok
Comment 8 Tony Vroon gentoo-dev 2011-10-20 15:41:19 UTC
+  20 Oct 2011; Tony Vroon <chainsaw@gentoo.org> freetype-2.4.7.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "Ago" Sarubbo & Ian
+  "idella4" Delaney in security bug #387535.
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-10-22 07:21:38 UTC
x86 stable
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-10-22 12:01:04 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 11 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-10-23 08:29:04 UTC
ppc/ppc64 stable, last arch done
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-10-23 14:31:52 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:56 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).