Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 654696 (CVE-2018-6942) - <media-libs/freetype-2.9.1: crash with certain malformed variation fonts (CVE-2018-6942)
Summary: <media-libs/freetype-2.9.1: crash with certain malformed variation fonts (CVE...
Status: RESOLVED FIXED
Alias: CVE-2018-6942
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 655052 655650
Blocks:
  Show dependency tree
 
Reported: 2018-05-03 08:28 UTC by Lars Wendler (Polynomial-C)
Modified: 2018-12-05 14:16 UTC (History)
3 users (show)

See Also:
Package list:
=media-libs/freetype-2.9.1-r3
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Wendler (Polynomial-C) gentoo-dev 2018-05-03 08:28:37 UTC
CHANGES BETWEEN 2.9 and 2.9.1 

I. IMPORTANT BUG FIXES 

- Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). 
- CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
Comment 1 Mart Raudsepp gentoo-dev 2018-05-11 08:39:35 UTC
arm64 stable
Comment 2 Larry the Git Cow gentoo-dev 2018-05-11 19:11:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c31b429a5b8af9994964416b64afc40935d06cd

commit 1c31b429a5b8af9994964416b64afc40935d06cd
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-11 19:11:07 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-11 19:11:07 +0000

    media-libs/freetype: stable 2.9.1-r1 for ia64, bug #654696
    
    Bug: https://bugs.gentoo.org/654696
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2018-05-11 19:21:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71448ce899880e28310d5766a9493f654559b0ba

commit 71448ce899880e28310d5766a9493f654559b0ba
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-05-11 18:19:43 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-11 19:20:56 +0000

    media-libs/freetype: stable 2.9.1-r1 for sparc
    
    Bug: https://bugs.gentoo.org/654696
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-05-11 20:36:30 UTC
amd64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2018-05-13 22:08:07 UTC
x86 stable
Comment 6 Tobias Klausmann gentoo-dev 2018-05-14 19:22:09 UTC
Stable on alpha.
Comment 7 Sergei Trofimovich gentoo-dev 2018-05-19 18:34:09 UTC
commit 8a3acbd604bf81b28d09daa20cde83c5fe7e0826
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Fri May 18 09:59:12 2018 +0200

    media-libs/freetype: Stable for HPPA too.
Comment 8 Matt Turner gentoo-dev 2018-05-25 03:46:25 UTC
ppc64 stable
Comment 9 Matt Turner gentoo-dev 2018-05-25 04:13:11 UTC
ppc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-05-27 14:42:37 UTC
arm stable
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-06-07 20:25:32 UTC
@maintainer, please clean vulnerable
Comment 12 Lars Wendler (Polynomial-C) gentoo-dev 2018-06-07 20:46:40 UTC
(In reply to Aaron Bauman from comment #11)
> @maintainer, please clean vulnerable

No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid freetype dependency restriction (or =2017-r4 gets stabilized).
Comment 13 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-25 01:44:10 UTC
@maintainers, please clean vulnerable.
Comment 14 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-12-01 01:01:47 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #12)
> (In reply to Aaron Bauman from comment #11)
> > @maintainer, please clean vulnerable
> 
> No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid
> freetype dependency restriction (or =2017-r4 gets stabilized).

@Lars, 2017-r4 is stable.
Comment 15 Lars Wendler (Polynomial-C) gentoo-dev 2018-12-05 10:57:43 UTC
(In reply to Aaron Bauman from comment #14)
> (In reply to Lars Wendler (Polynomial-C) from comment #12)
> > (In reply to Aaron Bauman from comment #11)
> > > @maintainer, please clean vulnerable
> > 
> > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid
> > freetype dependency restriction (or =2017-r4 gets stabilized).
> 
> @Lars, 2017-r4 is stable.

Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases would break the tree.
Comment 16 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-12-05 14:01:23 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #15)
> (In reply to Aaron Bauman from comment #14)
> > (In reply to Lars Wendler (Polynomial-C) from comment #12)
> > > (In reply to Aaron Bauman from comment #11)
> > > > @maintainer, please clean vulnerable
> > > 
> > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid
> > > freetype dependency restriction (or =2017-r4 gets stabilized).
> > 
> > @Lars, 2017-r4 is stable.
> 
> Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on
> <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases
> would break the tree.

It is gone now.
Comment 17 Larry the Git Cow gentoo-dev 2018-12-05 14:13:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=841a4344507aaac22d7fe28d4b160c719c51e31f

commit 841a4344507aaac22d7fe28d4b160c719c51e31f
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-12-05 14:13:39 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-12-05 14:13:39 +0000

    media-libs/freetype: Security cleanup
    
    Bug: https://bugs.gentoo.org/654696
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 media-libs/freetype/Manifest            |   6 --
 media-libs/freetype/freetype-2.8.ebuild | 179 --------------------------------
 media-libs/freetype/freetype-2.9.ebuild | 178 -------------------------------
 3 files changed, 363 deletions(-)
Comment 18 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-12-05 14:16:34 UTC
(In reply to Larry the Git Cow from comment #17)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=841a4344507aaac22d7fe28d4b160c719c51e31f
> 
> commit 841a4344507aaac22d7fe28d4b160c719c51e31f
> Author:     Lars Wendler <polynomial-c@gentoo.org>
> AuthorDate: 2018-12-05 14:13:39 +0000
> Commit:     Lars Wendler <polynomial-c@gentoo.org>
> CommitDate: 2018-12-05 14:13:39 +0000
> 
>     media-libs/freetype: Security cleanup
>     
>     Bug: https://bugs.gentoo.org/654696
>     Package-Manager: Portage-2.3.52, Repoman-2.3.12
>     Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
> 
>  media-libs/freetype/Manifest            |   6 --
>  media-libs/freetype/freetype-2.8.ebuild | 179
> --------------------------------
>  media-libs/freetype/freetype-2.9.ebuild | 178
> -------------------------------
>  3 files changed, 363 deletions(-)

Thanks, Lars!