Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: CVE-2010-2497 freetype: integer underflow vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Summary: CVE-2010-2497 freetype: integer underflow vulnerability [fedora-all] Product: Fedora Version: 13 Platform: All OS/Version: Linux Status: NEW Keywords: Security, SecurityTracking Severity: high Priority: high Component: freetype AssignedTo: behdad@fedoraproject.org ReportedBy: vdanen@redhat.com QAContact: extras-qa@fedoraproject.org CC: behdad@fedoraproject.org, kevin@tigcc.ticalc.org, fonts-bugs@lists.fedoraproject.org Blocks: 613154 Classification: Fedora Target Release: ---
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
Forr more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154
Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please only close it when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Vincent Danen vdanen@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |613160(CVE-2010-2498) Summary|CVE-2010-2497 freetype: |CVE-2010-2497 CVE-2010-2498 |integer underflow |freetype various flaws |vulnerability [fedora-all] |[fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #1 from Vincent Danen vdanen@redhat.com 2010-07-10 12:02:18 EDT ---
Adding parent bug CVE-2010-2498 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Vincent Danen vdanen@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |613162(CVE-2010-2499) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |freetype various flaws |CVE-2010-2499 freetype |[fedora-all] |various flaws [fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #2 from Vincent Danen vdanen@redhat.com 2010-07-10 12:02:39 EDT ---
Adding parent bug CVE-2010-2499 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Vincent Danen vdanen@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |613167(CVE-2010-2500) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |CVE-2010-2499 freetype |CVE-2010-2499 CVE-2010-2500 |various flaws [fedora-all] |freetype various flaws | |[fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #3 from Vincent Danen vdanen@redhat.com 2010-07-10 12:03:00 EDT ---
Adding parent bug CVE-2010-2500 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Vincent Danen vdanen@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |613194(CVE-2010-2519) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2499 CVE-2010-2500 |freetype various flaws |CVE-2010-2519 freetype |[fedora-all] |various flaws [fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #4 from Vincent Danen vdanen@redhat.com 2010-07-10 12:03:20 EDT ---
Adding parent bug CVE-2010-2519 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Vincent Danen vdanen@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |613198(CVE-2010-2520) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2519 freetype |CVE-2010-2519 CVE-2010-2520 |various flaws [fedora-all] |freetype various flaws | |[fedora-all]
--- Comment #5 from Vincent Danen vdanen@redhat.com 2010-07-10 12:11:07 EDT --- Adding CVE-2010-2520. While it doesn't affect us "out-of-the-box", it would be good to include the fix for those who do rebuild and elect to use that functionality.
Adding parent bug CVE-2010-2520 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Josh Bressers (Security Response Team) bressers@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |614557(CVE-2010-2527) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2519 CVE-2010-2520 |CVE-2010-2519 CVE-2010-2520 |freetype various flaws |CVE-2010-2527 freetype |[fedora-all] |various flaws [fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #6 from Josh Bressers (Security Response Team) bressers@redhat.com 2010-07-14 14:44:00 EDT ---
Adding parent bug CVE-2010-2527 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Josh Bressers (Security Response Team) bressers@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |617342(CVE-2010-2541) Summary|CVE-2010-2497 CVE-2010-2498 |CVE-2010-2497 CVE-2010-2498 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2499 CVE-2010-2500 |CVE-2010-2519 CVE-2010-2520 |CVE-2010-2519 CVE-2010-2520 |CVE-2010-2527 freetype |CVE-2010-2527 CVE-2010-2541 |various flaws [fedora-all] |freetype various flaws | |[fedora-all]
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #7 from Josh Bressers (Security Response Team) bressers@redhat.com 2010-07-22 15:43:21 EDT ---
Adding parent bug CVE-2010-2541 New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #8 from Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com 2010-09-22 09:54:54 EDT --- This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|behdad@fedoraproject.org |mkasik@redhat.com
--- Comment #9 from Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com 2010-09-22 09:55:03 EDT --- This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Marek Kašík mkasik@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED Fixed In Version| |freetype-2.3.11-4.{fc12,fc1 | |3}
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #10 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:10:12 EDT --- freetype-2.3.11-6.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #11 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:11:09 EDT --- freetype-2.3.11-6.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA
--- Comment #12 from Fedora Update System updates@fedoraproject.org 2010-10-05 05:25:09 EDT --- freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update freetype'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #13 from Fedora Update System updates@fedoraproject.org 2010-10-19 03:22:35 EDT --- freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Fixed In Version|freetype-2.3.11-4.{fc12,fc1 |freetype-2.3.11-6.fc13 |3} | Resolution| |ERRATA Last Closed| |2010-10-19 03:22:50
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
--- Comment #14 from Fedora Update System updates@fedoraproject.org 2010-11-01 16:53:00 EDT --- freetype-2.3.11-6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=613299
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|freetype-2.3.11-6.fc13 |freetype-2.3.11-6.fc12
fonts-bugs@lists.fedoraproject.org