From $URL :

Merry Christmas!

Multiple security issues were reported by Mateusz Jurczyk of Google security team. These have been fixed in freetype 2.4.11. Details are as follows.

* NULL Pointer Dereference in bdf_free_font
  Bug: https://savannah.nongnu.org/bugs/?37905
  Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

* Out-of-bounds read in _bdf_parse_glyphs
  Bug: https://savannah.nongnu.org/bugs/?37906
  Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

* Out-of-bounds write in _bdf_parse_glyphs
  Bug: https://savannah.nongnu.org/bugs/?37907
  Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
*** Bug 451606 has been marked as a duplicate of this bug. ***
+*freetype-2.4.11 (24 Jan 2013) + + 24 Jan 2013; Lars Wendler <polynomial-c@gentoo.org> +freetype-2.4.11.ebuild: + non-maintainer commit: security bump (bug #448550). +
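Review bot: the entry text "non-maintainer commit: security bump (bug #448550)" identifies the fix only by bug number. Adding a few words on what the bump addresses, such as the BDF font parsing issues fixed in freetype 2.4.11, would let someone reading the ChangeLog see why the version matters without opening the bug.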
Alright, since nobody is taking action here let's move this another step forward.

Arches please test and mark stable =media-libs/freetype-2.4.11.

Target keywords are:
alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt

Please consider masking the "infinality" USE flag for stable arches as it requires a couple of other packages becoming stable/keyworded as well.
ppc stable
ppc64 stable
x86 stable
amd64 stable
CVE-2012-5670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5670):
  The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.

CVE-2012-5669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5669):
  The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.

CVE-2012-5668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5668):
  FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
Stable for HPPA.
arm stable
sparc stable
sh stable
s390 stable
alpha stable
ia64 stable
New GLSA request filed.
# Ben de Groot <yngwin@gentoo.org> (25 Apr 2013)
# freetype:1 has multiple issues, including security vulnerabilities,
# see bugs 412499, 430530, 406891, 448550, 466308.
# No longer supported upstream, nor in practice by us.
# Masked for removal in 30 days, unless someone steps up to maintain this
# and address all issues; (possible candidate for graveyard overlay).
=media-libs/freetype-1.4*
games-action/heavygear2
m68k -> ~ only, removing from CC. @maintainers: clean affected please.
(In reply to Chris Reffett from comment #18)
> @maintainers: clean affected please.

done
This issue was resolved and addressed in GLSA 201402-16 at http://security.gentoo.org/glsa/glsa-201402-16.xml by GLSA coordinator Mikle Kolyada (Zlogene).