[Bug 1444895] New: CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug ID: 1444895
Summary: CVE-2016-10328 freetype: heap-based buffer overflow
related to the cff_parser_run function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based
buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 11 months
[Bug 1446500] New: CVE-2017-8105 freetype:
heap-based buffer overflow related to the t1_decoder_parse_charstrings
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1446500
Bug ID: 1446500
Summary: CVE-2017-8105 freetype: heap-based buffer overflow
related to the t1_decoder_parse_charstrings
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based
buffer overflow related to the t1_decoder_parse_charstrings function in
psaux/t1decode.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c...
5 years, 11 months
[Bug 1271620] New: please update spec templates as per latest
guidelines
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1271620
Bug ID: 1271620
Summary: please update spec templates as per latest guidelines
Product: Fedora
Version: 23
Component: fontpackages
Assignee: nicolas.mailhot(a)laposte.net
Reporter: kvolny(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk,
tagoh(a)redhat.com
Description of problem:
I'm trying to package a font. While filing the spec template, I have found that
there is:
%install
rm -fr %{buildroot}
but the buildroot is now cleaned automatically so the `rm` command should not
be present.
Please update the spec templates according to the latest guidelines. Also note
that there may be other deviations from current packaging guidelines that I
have overlooked ...
Version-Release number of selected component (if applicable):
fontpackages-devel-1.44-14.fc23.noarch
5 years, 11 months
[Bug 1532523] New: [google-droid-fonts] rebase to latest version
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1532523
Bug ID: 1532523
Summary: [google-droid-fonts] rebase to latest version
Product: Fedora
Version: rawhide
Component: google-droid-fonts
Keywords: Improvement, Rebase
Severity: high
Priority: high
Assignee: nicolas.mailhot(a)laposte.net
Reporter: dkaspar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk,
tremble(a)tremble.org.uk
Description of problem:
Currently we are using outdated font versions (of google-droid-fonts) in
Fedora.
Version-Release number of selected component (if applicable):
google-droid-fonts-20120715-12.fc27
Expected results:
I would hereby like to request a rebase to latest version of
google-droid-fonts.
Additional info:
One of these fonts (DroidSansFallback.ttf) in the package is necessary for
Ghostscript to function correctly when rendering CJK glyphs.
And according to the Fedora Packaging Guidelines packages are forbidden to
bundle fonts inside them, therefore I am using the google-droid-fonts package.
But its content is way older than what Ghostscript currently needs.
NOTE:
In case none of the maintainers is currently available, I'm able and willing to
do this rebase myself (I'm already maintainer of urw-base35-fonts) to help you.
You would just have to set commit right for me in the Pagure
(https://src.fedoraproject.org/rpms/google-droid-fonts).
6 years
[Bug 1515436] New: gnome-shell crashes with attached stacktrace:
FcConfigEvaluate at top of stack.
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1515436
Bug ID: 1515436
Summary: gnome-shell crashes with attached stacktrace:
FcConfigEvaluate at top of stack.
Product: Fedora
Version: 26
Component: fontconfig
Severity: high
Assignee: tagoh(a)redhat.com
Reporter: ndokos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ajax(a)redhat.com, alexl(a)redhat.com,
caillon+fedoraproject(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, mbarnes(a)fastmail.com,
mclasen(a)redhat.com, pnemade(a)redhat.com,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com, tagoh(a)redhat.com
Created attachment 1356104
--> https://bugzilla.redhat.com/attachment.cgi?id=1356104&action=edit
stacktrace of gnome-shell crash.
Description of problem:
I run Fedora 26 on a Lenovo Thinkpad W541. I ran a "dnf update" last Friday
(2017-11-17) and after the update I could not login with any Gnome choice:
Gnome, Gnome Classic, or Gnome on X11 - after a couple of burps on the display,
it would return to the login prompt. I installed the cinnamon desktop and was
able to log in with that.
It turns out that gnome-shell crashes in FcConfigEvaluate - see attached
stacktrace.
Version-Release number of selected component (if applicable):
fontconfig.x86_64 2.12.6-4.fc26 @updates
How reproducible:
Always.
Steps to Reproduce:
1. dnf update
2. reboot
3. login
Actual results:
Churn a bit and then return to the login screen.
Expected results:
Successful login.
Additional info:
6 years
[Bug 1474257] New: fc-cache in multilib does not create 32bit cache
files
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1474257
Bug ID: 1474257
Summary: fc-cache in multilib does not create 32bit cache files
Product: Fedora
Version: rawhide
Component: fontconfig
Assignee: tagoh(a)redhat.com
Reporter: tagoh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org, pnemade(a)redhat.com,
tagoh(a)redhat.com
Blocks: 1468978
Description of problem:
On a 64bit env, there is no way to generate {be,le}32d{4,8} caches unless
removing the 64bit version of packages, because the 32bit version of the
fc-cache binary is hidden by the package manager. We need to have a separate
binary to address this, like gtk does.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1468978
[Bug 1468978] fc-cache in multilib does not create 32bit cache files
6 years
[Bug 1485789] New: bogus permissions on /usr/share/doc/urw-fonts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1485789
Bug ID: 1485789
Summary: bogus permissions on /usr/share/doc/urw-fonts
Product: Fedora
Version: 26
Component: urw-fonts
Assignee: dkaspar(a)redhat.com
Reporter: rc040203(a)freenet.de
QA Contact: extras-qa(a)fedoraproject.org
CC: dkaspar(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, than(a)redhat.com
Description of problem:
The urw-fonts package's permissions on /usr/share/doc/urw-fonts are set
read-only:
$ rpm -qlv urw-fonts | grep doc
drw-r--r-- 2 root root 0 Feb 12 2017 /usr/share/doc/urw-fonts
-rw-r--r-- 1 root root 17992 Apr 23 2001 /usr/share/doc/urw-fonts/COPYING
-rw-r--r-- 1 root root 2245 Jan 18 2002 /usr/share/doc/urw-fonts/README
-rw-r--r-- 1 root root 1317 Jul 12 2002 /usr/share/doc/urw-fonts/README.tweaks
Version-Release number of selected component (if applicable):
urw-fonts-2.4-23.fc26.noarch
6 years, 1 month
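A check for the condition in the urw-fonts report above, as an added example that is not part of the original report: a directory with mode drw-r--r-- has no search (x) bit, so non-root users cannot open the files inside it even though the files themselves are world-readable. The function names and the last sample line are constructed for illustration; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: flag directories in `rpm -qlv` output whose mode grants
# read but not search (x) to the same class, e.g. drw-r--r--.
# Real use: rpm -qlv urw-fonts | flag_unsearchable_dirs

# Reads `rpm -qlv` lines on stdin; prints "<mode> <path>" per flagged directory.
flag_unsearchable_dirs() {
    awk '
        substr($1, 1, 1) == "d" {
            mode = $1
            bad = 0
            # Mode string positions: 2-4 owner, 5-7 group, 8-10 other.
            for (i = 2; i <= 8; i += 3) {
                r = substr(mode, i, 1)
                x = substr(mode, i + 2, 1)
                # Lowercase s/t imply x is set; S/T mean it is not.
                if (r == "r" && x != "x" && x != "s" && x != "t") bad = 1
            }
            if (bad) print mode, $NF
        }
    '
}

# Listing from the report, plus one constructed control line (last line).
sample_listing() {
    cat <<'EOF'
drw-r--r-- 2 root root 0 Feb 12 2017 /usr/share/doc/urw-fonts
-rw-r--r-- 1 root root 17992 Apr 23 2001 /usr/share/doc/urw-fonts/COPYING
-rw-r--r-- 1 root root 2245 Jan 18 2002 /usr/share/doc/urw-fonts/README
-rw-r--r-- 1 root root 1317 Jul 12 2002 /usr/share/doc/urw-fonts/README.tweaks
drwxr-xr-x 2 root root 0 Feb 12 2017 /usr/share/fonts/constructed-example
EOF
}

sample_listing | flag_unsearchable_dirs
```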