It looks like there is another publicly disclosed vulnerability in upstream's version 2.4.3. From a Mandriva security alert: "An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font (CVE-2010-3814)." Upstream commit at $URL.
2.4.3-r2 committed.
Thank you. Arches, please test and mark stable: =media-libs/freetype-2.4.3-r2 Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
x86 stable
arm stable
amd64 done
alpha/ia64/m68k/s390/sh/sparc stable
Stable for HPPA PPC.
ppc64 done
GLSA with bug 342121.
CVE-2010-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814): Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
This issue was resolved and addressed in GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml by GLSA coordinator Sean Amoss (ackle).