From ${URL} :

Description
A vulnerability has been reported in FreeType, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by an error in the "cf2_hintmap_build()" function (src/cff/cf2hints.c) when processing stem hints, which can be exploited to cause a stack-based buffer overflow via a specially crafted font file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 2.5.3.

Solution: Update to version 2.5.3.

Provided and/or discovered by: Mateusz "j00ru" Jurczyk within a bug ticket.

Original Advisory:
FreeType: http://www.freetype.org/index.html#news
Mateusz "j00ru" Jurczyk: http://savannah.nongnu.org/bugs/?41697

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
+*freetype-2.5.3 (10 Mar 2014) + + 10 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> +freetype-2.5.3.ebuild: + Security bump (bug #504088). + We cannot simply stabilize this version as there's still tracker bug #493570 with a couple of unfixed packages...
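Review bot: the ChangeLog entry for freetype-2.5.3.ebuild cites only bug #504088; for a security bump it would help to also name the upstream report (savannah bug 41697, linked in the description) and the CVE identifier (CVE-2014-2240, given later in this bug) so the fix is traceable from the ChangeLog alone.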
(In reply to Lars Wendler (Polynomial-C) from comment #1) > +*freetype-2.5.3 (10 Mar 2014) > + > + 10 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> > +freetype-2.5.3.ebuild: > + Security bump (bug #504088). > + > > We cannot simply stabilize this version as there's still tracker bug #493570 > with a couple of unfixed packages... Only one remaining now. I'd like to move forward, and unmask/stablereq this tomorrow.
Arches, please mark stable latest freetype and its reverse deps (see bugs this depends on):
=media-libs/freetype-2.5.3-r1
=media-gfx/gimp-2.8.10-r1 #504212
=media-libs/sk1libs-0.9.1-r3 #504214
=media-gfx/inkscape-0.48.4-r1 #492244
>=media-video/vlc-2.1.2 #499806
=media-libs/libbluray-0.5.0 #504788
=media-video/transcode-1.1.7-r3 #504790
>=app-emulation/wine-1.7.8 #504792
=dev-util/cmake-2.8.12.1-r4 #504794
=dev-dotnet/libgdiplus-2.10.9-r1 #504796
=dev-lang/php-5.3.28-r3 #501376
=sys-devel/gcc-4.6.4 #504798
=media-video/libav-0.8.11 #504584
>=media-libs/freetype-2.5.3-r1 is still in profiles/package.mask.
(In reply to Jeroen Roovers from comment #4) > >=media-libs/freetype-2.5.3-r1 is still in profiles/package.mask. That was due to a multilib mess-up, which is now fixed. Please arches, go ahead.
Stable for HPPA.
*** Bug 507136 has been marked as a duplicate of this bug. ***
Stabilized these on alpha:
=media-libs/freetype-2.5.3-1
=sys-devel/gcc-4.6.4
=media-video/libav-0.8.11

Already stable on alpha:
=media-gfx/gimp-2.8.10-r1 504212
>=media-video/vlc-2.1.2
=media-video/transcode-1.1.7-r3
=dev-util/cmake-2.8.12.1-r4
=dev-lang/php-5.3.28-r3

These were never keyworded on alpha:
=media-libs/sk1libs-0.9.1-r3
=media-gfx/inkscape-0.48.4-r1
=media-libs/libbluray-0.5.0
>=app-emulation/wine-1.7.8
=dev-dotnet/libgdiplus-2.10.9-r1
I have allowed myself to change the topic to make the stablereq easier to find.
ia64 stable
For amd64 it looks like we are blocked by bug 504796 (has arches CCed, but giflib stabilization looks to be blocked). Also bug 504798 needs arches CCed.
CVE-2014-2240 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2240): Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.
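The defect class described in the report at the top of this bug and in the CVE text (a fixed-size, stack-resident hint map filled from an untrusted stem count) as an added example: this is constructed code, not FreeType's cf2_hintmap_build(), and the names HintMap, hintmap_insert, hintmap_build and MAX_HINTS are hypothetical. It shows the capacity check that turns an oversized stem list into a rejected glyph instead of a write past the end of the array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_HINTS 8   /* small capacity so the overflow case is easy to exercise */

typedef struct {
    size_t count;
    int    edge[MAX_HINTS];   /* fixed-size storage, like a stack-resident hint map */
} HintMap;

/* Insert one stem edge, keeping edge[] sorted and duplicate-free. Returns
 * false and leaves the map untouched when it is already full: without this
 * check a font declaring more stems than MAX_HINTS writes past edge[]. */
static bool hintmap_insert(HintMap *map, int edge)
{
    size_t i = 0;
    while (i < map->count && map->edge[i] < edge)
        i++;
    if (i < map->count && map->edge[i] == edge)
        return true;                          /* already present */
    if (map->count >= MAX_HINTS)
        return false;                         /* full: refuse, do not overflow */
    for (size_t j = map->count; j > i; j--)   /* open slot i */
        map->edge[j] = map->edge[j - 1];
    map->edge[i] = edge;
    map->count++;
    return true;
}

/* Build the map from font-supplied stems (untrusted). Returns the number of
 * distinct edges stored, or -1 so the caller can reject the glyph. */
static int hintmap_build(HintMap *map, const int *stems, size_t nstems)
{
    map->count = 0;
    for (size_t i = 0; i < nstems; i++)
        if (!hintmap_insert(map, stems[i]))
            return -1;
    return (int)map->count;
}

/* Constructed inputs: one well-formed glyph, one with more stems than fit. */
static const int sample_stems[]   = { 30, 10, 20, 10 };
static const int too_many_stems[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
static int demo_sample(void)   { HintMap m; return hintmap_build(&m, sample_stems, 4); }
static int demo_too_many(void) { HintMap m; return hintmap_build(&m, too_many_stems, 9); }

int main(void)
{
    printf("sample: %d edges, oversized: %d\n", demo_sample(), demo_too_many());
}
```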
arm/sparc stable
ppc64 stable
@maintainers, cleanup, please! GLSA ready for release.
Maintainer timeout. Cleanup done.
This issue was resolved and addressed in GLSA 201408-02 at http://security.gentoo.org/glsa/glsa-201408-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).