271234 – (CVE-2006-1861) <media-libs/freetype-1.4_pre20080316-r2 Old font parsing issues (CVE-2006-1861,CVE-2007-2754)

Bug 271234 (CVE-2006-1861) - <media-libs/freetype-1.4_pre20080316-r2 Old font parsing issues (CVE-2006-1861,CVE-2007-2754)

Summary: <media-libs/freetype-1.4_pre20080316-r2 Old font parsing issues (CVE-2006-186...

Status:	RESOLVED FIXED

Alias:	CVE-2006-1861

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-05-25 20:10 UTC by Robert Buchholz (RETIRED)
Modified:	2010-06-01 15:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
freetype-1.4_pre20080316-CVE-2006-1861.patch (freetype-1.4_pre20080316-CVE-2006-1861.patch,545 bytes, patch) 2009-05-25 20:11 UTC, Robert Buchholz (RETIRED)	no flags	Details \| Diff
freetype-1.4_pre20080316-CVE-2007-2754.patch (freetype-1.4_pre20080316-CVE-2007-2754.patch,486 bytes, patch) 2009-05-25 20:11 UTC, Robert Buchholz (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2009-05-25 20:10:57 UTC

RedHat recently released updates to Freetype 1 for old issues that we had believed did not affect Freetype 1: https://rhn.redhat.com/errata/RHSA-2009-1062.html

These are:
CVE-2006-1861 = GLSA 200607-02 = bug 124828
CVE-2007-2754 = GLSA 200705-22 = bug 179161

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2009-05-25 20:11:18 UTC

Created attachment 192438 [details, diff]
freetype-1.4_pre20080316-CVE-2006-1861.patch

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-05-25 20:11:32 UTC

Created attachment 192440 [details, diff]
freetype-1.4_pre20080316-CVE-2007-2754.patch

Comment 3 Peter Alfredsen (RETIRED) gentoo-dev

2009-05-25 21:07:28 UTC

+*freetype-1.4_pre20080316-r2 (25 May 2009)
+
+  25 May 2009; Peter Alfredsen <loki_val@gentoo.org>
+  +freetype-1.4_pre20080316-r2.ebuild,
+  +files/freetype-1.4_pre20080316-CVE-2006-1861.patch,
+  +files/freetype-1.4_pre20080316-CVE-2007-2754.patch:
+  Bump with patches for CVE 2007-2754 and CVE 2006-1861. Bug 271234.
+

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2009-05-25 21:27:37 UTC

Arches, please test and mark stable:
=media-libs/freetype-1.4_pre20080316-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2009-05-25 23:11:52 UTC

Stable for HPPA.

Comment 6 Christian Faulhammer (RETIRED) gentoo-dev

2009-05-26 05:56:50 UTC

x86 stable

Comment 7 Brent Baude (RETIRED) gentoo-dev

2009-05-27 15:48:12 UTC

ppc64 done

Comment 8 Brent Baude (RETIRED) gentoo-dev

2009-05-27 15:48:18 UTC

ppc done

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2009-05-27 17:30:12 UTC

alpha/arm/ia64/m68k/s390/sh/sparc stable

Comment 10 Richard Freeman gentoo-dev

2009-05-27 17:39:12 UTC

amd64 stable

Comment 11 Tobias Heinlein (RETIRED) gentoo-dev

2009-06-01 22:26:53 UTC

All arches done, GLSA request filed.

Comment 12 Alex Legler (RETIRED) archtester

2010-06-01 15:43:59 UTC

GLSA 201006-01