Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=638522
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Component: freetype
AssignedTo: mkasik@redhat.com
ReportedBy: huzaifas@redhat.com
QAContact: extras-qa@fedoraproject.org
CC: behdad@fedoraproject.org, kevin@tigcc.ticalc.org, fonts-bugs@lists.fedoraproject.org, mkasik@redhat.com
Blocks: 621907
Classification: Fedora
Target Release: ---
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907
Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please only close it when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Blocks | | 621980(CVE-2010-2806)
Summary | CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts [fedora-all] | CVE-2010-2808 CVE-2010-2806 freetype various flaws [fedora-all]
--- Comment #1 from Huzaifa S. Sidhpurwala huzaifas@redhat.com 2010-09-29 05:06:07 EDT ---
Adding parent bug CVE-2010-2806
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,...
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Blocks | | 625626(CVE-2010-2805)
Summary | CVE-2010-2808 CVE-2010-2806 freetype various flaws [fedora-all] | CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 freetype various flaws [fedora-all]
--- Comment #2 from Huzaifa S. Sidhpurwala huzaifas@redhat.com 2010-09-29 05:06:26 EDT ---
Adding parent bug CVE-2010-2805
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,...
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Blocks | | 623625(CVE-2010-3311)
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Summary | CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 freetype various flaws [fedora-all] | CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 CVE-2010-3311 freetype various flaws [fedora-all]
--- Comment #3 from Huzaifa S. Sidhpurwala huzaifas@redhat.com 2010-09-30 11:15:06 EDT ---
Adding parent bug CVE-2010-3311
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,...
Marek Kašík mkasik@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | NEW | MODIFIED
Fixed In Version | | freetype-2.3.11-6.{fc12,fc13}
--- Comment #4 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:10:22 EDT ---
freetype-2.3.11-6.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
--- Comment #5 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:11:19 EDT ---
freetype-2.3.11-6.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13
Alexei Podtelezhnikov apodtele@ucsd.edu changed:
What | Removed | Added
----------------------------------------------------------------------------
CC | | apodtele@ucsd.edu
--- Comment #6 from Alexei Podtelezhnikov apodtele@ucsd.edu 2010-10-04 23:27:19 EDT ---
I personally run 2.4.3 already, which is perfectly compatible
Fedora Update System updates@fedoraproject.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | MODIFIED | ON_QA
--- Comment #7 from Fedora Update System updates@fedoraproject.org 2010-10-05 05:25:19 EDT ---
freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update freetype'.
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13
--- Comment #8 from Kevin Kofler kevin@tigcc.ticalc.org 2010-10-05 09:27:54 EDT ---
What's the status of this on Fedora 14 and Rawhide? They're currently at 2.4.2, upstream released 2.4.3 (see bug 639906), is that needed to fix some or all of these issues? If so, can you please upgrade F14 and Rawhide to 2.4.3?
Kevin Kofler kevin@tigcc.ticalc.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Flag | | needinfo?(mkasik@redhat.com)
Marek Kašík mkasik@redhat.com changed:
What | Removed | Added
----------------------------------------------------------------------------
Flag | needinfo?(mkasik@redhat.com) |
--- Comment #9 from Marek Kašík mkasik@redhat.com 2010-10-05 12:00:50 EDT ---
All those CVEs should be fixed in freetype-2.4.2, but I'm not sure about CVE-2010-3311. I'll test it tomorrow.
Marek
--- Comment #10 from Fedora Update System updates@fedoraproject.org 2010-10-06 13:24:33 EDT ---
freetype-2.4.2-3.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/freetype-2.4.2-3.fc14
--- Comment #11 from Marek Kašík mkasik@redhat.com 2010-10-06 13:27:47 EDT ---
Hi,
I tested the freetype 2.4.2 for CVE-2010-3311 and it was not fixed. I've committed and built a fix. The version of the fix is freetype-2.4.2-3.fc14 and freetype-2.4.2-3.fc15.
Marek
--- Comment #12 from Fedora Update System updates@fedoraproject.org 2010-10-13 08:47:36 EDT ---
freetype-2.4.2-3.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
Fedora Update System updates@fedoraproject.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Status | ON_QA | CLOSED
Fixed In Version | freetype-2.3.11-6.{fc12,fc13} | freetype-2.4.2-3.fc14
Resolution | | ERRATA
Last Closed | | 2010-10-13 08:47:44
--- Comment #13 from Fedora Update System updates@fedoraproject.org 2010-10-19 03:22:45 EDT ---
freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
Fedora Update System updates@fedoraproject.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Fixed In Version | freetype-2.4.2-3.fc14 | freetype-2.3.11-6.fc13
--- Comment #14 from Fedora Update System updates@fedoraproject.org 2010-11-01 16:53:11 EDT ---
freetype-2.3.11-6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Fedora Update System updates@fedoraproject.org changed:
What | Removed | Added
----------------------------------------------------------------------------
Fixed In Version | freetype-2.3.11-6.fc13 | freetype-2.3.11-6.fc12