July 2010 - fonts-bugs - Fedora Mailing-Lists

[Bug 613162] CVE-2010-2499 freetype: buffer overflow vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613162 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |613298 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613160] CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613160 --- Comment #2 from Vincent Danen <vdanen(a)redhat.com> 2010-07-10 12:02:21 EDT --- Created freetype tracking bugs for this issue Affects: fedora-all [bug 613299] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613160] CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613160 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |613299 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613160] CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613160 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |613298 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613154] CVE-2010-2497 freetype: integer underflow vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613154 --- Comment #2 from Vincent Danen <vdanen(a)redhat.com> 2010-07-10 12:01:59 EDT --- Created freetype tracking bugs for this issue Affects: fedora-all [bug 613299] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613198 --- Comment #3 from Vincent Danen <vdanen(a)redhat.com> 2010-07-10 11:59:17 EDT --- Referring to Fedora updates? I'm not sure. There is no new upstream version as of yet (probably sometime next week). I was going to create a tracking bug for all of these flaws (well, excluding this one -- you can certainly include the patch for it if you like). I'll do that in a minute. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613198 --- Comment #2 from Kevin Kofler <kevin(a)tigcc.ticalc.org> 2010-07-10 06:42:04 EDT --- Is there a Freetype security update in the works for the other CVEs or should I patch freetype-freeworld for just this CVE while waiting on a decision for the others? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613198 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |NOTABUG Status Whiteboard|public=20100609,reported=20 |public=20100609,reported=20 |100702,source=vendorsec,imp |100702,source=vendorsec,imp |act=important,cvss2=7.5/AV: |act=important,cvss2=7.5/AV: |N/AC:L/Au:N/C:P/I:P/A:P,fed |N/AC:L/Au:N/C:P/I:P/A:P,fed |ora-all/freetype=affected |ora-all/freetype=notaffecte | |d --- Comment #1 from Vincent Danen <vdanen(a)redhat.com> 2010-07-09 20:28:20 EDT --- Provided we never enable truetype bytecode support (doubtful since it's patented) this won't affect any version of freetype we ship. Users that have rebuilt freetype with truetype bytecode support enabled will probably want to patch this and rebuild again to get the fix, or revert to the (supported) version of freetype as provided (with truetype bytecode support disabled). -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613198 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |behdad(a)fedoraproject.org, | |fonts-bugs(a)lists.fedoraproj | |ect.org, | |kevin(a)tigcc.ticalc.org -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

[Bug 613154] CVE-2010-2497 freetype: integer underflow vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=613154 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|public=20100609,reported=20 |public=20100609,reported=20 |100702,source=vendorsec,imp |100702,source=vendorsec,imp |act=moderate,cvss2=7.5/AV:N |act=important,cvss2=7.5/AV: |/AC:L/Au:N/C:P/I:P/A:P,rhel |N/AC:L/Au:N/C:P/I:P/A:P,rhe |-6/freetype=affected,fedora |l-6/freetype=affected,fedor |-all/freetype=affected |a-all/freetype=affected -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

13 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs July 2010