https://bugzilla.redhat.com/show_bug.cgi?id=1444895
https://bugzilla.redhat.com/show_bug.cgi?id=1444898
https://bugzilla.redhat.com/show_bug.cgi?id=1444904
https://bugzilla.redhat.com/show_bug.cgi?id=1444911
CVE ID: CVE-2016-10328
Summary: FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Published: 2017-04-14T04:59:00.000Z
______________________________
CVE ID: CVE-2017-7857
Summary: FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Published: 2017-04-14T04:59:00.000Z
______________________________
CVE ID: CVE-2017-7858
Summary: FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Published: 2017-04-14T04:59:00.000Z
______________________________
CVE ID: CVE-2017-7864
Summary: FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
Published: 2017-04-14T04:59:00.000Z
Other overflows were published:
https://bugzilla.redhat.com/show_bug.cgi?id=1446500
https://bugzilla.redhat.com/show_bug.cgi?id=1446073
CVE ID: CVE-2017-8105
Summary: FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
Published: 2017-04-24T18:59:00.000Z
______________________________
CVE ID: CVE-2017-8287
Summary: FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Published: 2017-04-27T00:59:00.000Z
freetype-2.8 was released, which addresses the aforementioned CVEs [1].
[1]: https://www.mail-archive.com/freetype-announce@nongnu.org/msg00109.html
commit 2c4546adc0bcf78c07d372591cbf38fef22deee2
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat May 13 23:37:58 2017
    media-libs/freetype: Security bump to version 2.8 (bug #616730).
    Package-Manager: Portage-2.3.5, Repoman-2.3.2
This release also introduced a bunch of new features and some changes in the hinting engines so I'd like to wait one or two days (in case some new bugs get found) before I call for stabilization.
Arches please test and mark stable
=media-libs/freetype-2.8
with target KEYWORDS:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt
amd64 stable
x86 stable
ppc64 stable
Stable for HPPA.
After updating from freetype-2.7.1-r2 to 2.8, I noticed 'Terminus' font was renamed and became 'xos4 Terminus', so font settings became inconsistent in some end-user GUI applications using this font: terminal emulators, gvim, gitk.
freetype-2.7.1-r2:
> $ fc-list | grep -i terminus
> /usr/share/fonts/terminus/ter-x18n.pcf.gz: Terminus:style=Regular
> ...
> /usr/share/fonts/terminus/ter-x12b.pcf.gz: Terminus:style=Bold
> ...
freetype-2.8:
> $ fc-list | grep -i terminus
> /usr/share/fonts/terminus/ter-x18n.pcf.gz: xos4 Terminus:style=Regular
> ...
> /usr/share/fonts/terminus/ter-x12b.pcf.gz: xos4 Terminus:style=Bold
> ...
Was it intended, or is it a bug?
(In reply to Andrew Petelin from comment #11)
> After updating from freetype-2.7.1-r2 to 2.8,
File a new bug report.
arm64 stable.
ppc stable.
(In reply to Jeroen Roovers from comment #12)
> File a new bug report.
https://bugs.gentoo.org/show_bug.cgi?id=618918
sparc stable
Stable on alpha.
arm stable
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201706-14 at https://security.gentoo.org/glsa/201706-14 by GLSA coordinator Kristian Fiskerstrand (K_F).
ia64 stable
Any reason why older versions were not masked?