[Bug 1741802] New: CVE-2015-9290 freetype: buffer over-read in function T1_Get_Private_Dict in type1/t1parse.c
2 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Bug ID: 1741802
Summary: CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org,
mclasen(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mkasik(a)redhat.com,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in FreeType before 2.6.1, a buffer over-read occurs
in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that
the new values of cur and limit are sensible before going to Again.
Reference:
https://savannah.nongnu.org/bugs/?45923
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/...
--
You are receiving this mail because:
You are on the CC list for the bug.
2:01 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1741803
--- Comment #1 from Dhananjay Arunesh <darunesh(a)redhat.com> ---
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1741803]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1741803
[Bug 1741803] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
2:06 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1741804
Fixed In Version| |freetype 2.6.1
--
You are receiving this mail because:
You are on the CC list for the bug.
2:07 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|freetype 2.6.1 |FreeType 2.6.1
--
You are receiving this mail because:
You are on the CC list for the bug.
11:02 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Marek Kašík <mkasik(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(darunesh(a)redhat.c
| |om)
--- Comment #2 from Marek Kašík <mkasik(a)redhat.com> ---
Hi, is this an issue in current Fedora? I see that we have 2.9.1 in Fedora 29
and the code fixing this issue is there. Also I can not reproduce this with the
reproducer on Fedora 30.
--
You are receiving this mail because:
You are on the CC list for the bug.
10:31 p.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
--- Comment #3 from Doran Moppert <dmoppert(a)redhat.com> ---
In reply to comment #2:
Hi, is this an issue in current Fedora? I see that we have 2.9.1 in
Fedora
29 and the code fixing this issue is there. Also I can not reproduce this
with the reproducer on Fedora 30.
It seems not: while this CVE assignment was only published recently, the
original issue was fixed upstream in release 2.6.1, and is present in active
Fedora releases. The Fedora tracking bug 1741803 can be closed.
--
You are receiving this mail because:
You are on the CC list for the bug.
midnight
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(darunesh(a)redhat.c |
|om) |
--
You are receiving this mail because:
You are on the CC list for the bug.
4:34 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Stefan Cornelius <scorneli(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |low
Severity|medium |low
--
You are receiving this mail because:
You are on the CC list for the bug.
4:35 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
--- Comment #4 from Stefan Cornelius <scorneli(a)redhat.com> ---
Statement:
This issue affects the versions of freetype as shipped with Red Hat Enterprise
Linux 5 and 6.
This issue did not affect the versions of freetype as shipped with Red Hat
Enterprise Linux 7 and 8.
Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and
maintenance life cycle. This issue is not currently planned to be addressed in
future updates. For additional information, refer to the Red Hat Enterprise
Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support
and maintenance life cycle. This has been rated as having a security impact of
Low, and is not currently planned to be addressed in future updates. For
additional information, refer to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:07 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
Last Closed| |2019-08-27 13:07:22
--- Comment #6 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2015-9290
--
You are receiving this mail because:
You are on the CC list for the bug.
7:12 a.m.
New subject: [Bug 1741802] CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Bug 1741802 depends on bug 1741803, which changed state.
Bug 1741803 Summary: CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1741803
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
1721
days inactive
1739
days old
fonts-bugs@lists.fedoraproject.org
10 comments
1 participants
participants (1)
-
bugzilla@redhat.com