[Bug 613299] New: CVE-2010-2497 freetype: integer underflow vulnerability [fedora-all]

List overview All Threads
Download

newer

older

[Bug 621627] New: CVE-2010-1797...

[Bug 622682] New: characters cuts...

Red Hat Bugzilla

10 Jul 2010 10 Jul '10

5:01 p.m.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

Summary: CVE-2010-2497 freetype: integer underflow vulnerability [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Summary: CVE-2010-2497 freetype: integer underflow vulnerability [fedora-all] Product: Fedora Version: 13 Platform: All OS/Version: Linux Status: NEW Keywords: Security, SecurityTracking Severity: high Priority: high Component: freetype AssignedTo: behdad@fedoraproject.org ReportedBy: vdanen@redhat.com QAContact: extras-qa@fedoraproject.org CC: behdad@fedoraproject.org, kevin@tigcc.ticalc.org, fonts-bugs@lists.fedoraproject.org Blocks: 613154 Classification: Fedora Target Release: ---

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.

Forr more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154

Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please only close it when all affected versions are fixed.

[bug automatically created by: add-tracking-bugs]

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

Red Hat Bugzilla

10 Jul 10 Jul

5:02 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Vincent Danen vdanen@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:02 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #1 from Vincent Danen vdanen@redhat.com 2010-07-10 12:02:18 EDT ---

Adding parent bug CVE-2010-2498 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:02 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Vincent Danen vdanen@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:02 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #2 from Vincent Danen vdanen@redhat.com 2010-07-10 12:02:39 EDT ---

Adding parent bug CVE-2010-2499 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:02 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Vincent Danen vdanen@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:03 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #3 from Vincent Danen vdanen@redhat.com 2010-07-10 12:03:00 EDT ---

Adding parent bug CVE-2010-2500 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:03 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Vincent Danen vdanen@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:03 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #4 from Vincent Danen vdanen@redhat.com 2010-07-10 12:03:20 EDT ---

Adding parent bug CVE-2010-2519 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5:11 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Vincent Danen vdanen@redhat.com changed:

--- Comment #5 from Vincent Danen vdanen@redhat.com 2010-07-10 12:11:07 EDT --- Adding CVE-2010-2520. While it doesn't affect us "out-of-the-box", it would be good to include the fix for those who do rebuild and elect to use that functionality.

Adding parent bug CVE-2010-2520 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

14 Jul 14 Jul

7:43 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Josh Bressers (Security Response Team) bressers@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

7:44 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #6 from Josh Bressers (Security Response Team) bressers@redhat.com 2010-07-14 14:44:00 EDT ---

Adding parent bug CVE-2010-2527 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

22 Jul 22 Jul

8:43 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Josh Bressers (Security Response Team) bressers@redhat.com changed:

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

8:43 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #7 from Josh Bressers (Security Response Team) bressers@redhat.com 2010-07-22 15:43:21 EDT ---

Adding parent bug CVE-2010-2541 New bodhi update url:

https://admin.fedoraproject.org/updates/new/?type_=security&bugs=613154,...

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

22 Sep 22 Sep

2:54 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #8 from Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com 2010-09-22 09:54:54 EDT --- This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

2:55 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|behdad@fedoraproject.org |mkasik@redhat.com

--- Comment #9 from Fedora Admin XMLRPC Client fedora-admin-xmlrpc@redhat.com 2010-09-22 09:55:03 EDT --- This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

4 Oct 4 Oct

2:58 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Marek Kašík mkasik@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED Fixed In Version| |freetype-2.3.11-4.{fc12,fc1 | |3}

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

3:10 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #10 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:10:12 EDT --- freetype-2.3.11-6.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

3:11 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #11 from Fedora Update System updates@fedoraproject.org 2010-10-04 10:11:09 EDT --- freetype-2.3.11-6.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

5 Oct 5 Oct

10:25 a.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Fedora Update System updates@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA

--- Comment #12 from Fedora Update System updates@fedoraproject.org 2010-10-05 05:25:09 EDT --- freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update freetype'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

19 Oct 19 Oct

8:22 a.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #13 from Fedora Update System updates@fedoraproject.org 2010-10-19 03:22:35 EDT --- freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

8:22 a.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Fedora Update System updates@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Fixed In Version|freetype-2.3.11-4.{fc12,fc1 |freetype-2.3.11-6.fc13 |3} | Resolution| |ERRATA Last Closed| |2010-10-19 03:22:50

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

1 Nov 1 Nov

8:53 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

--- Comment #14 from Fedora Update System updates@fedoraproject.org 2010-11-01 16:53:00 EDT --- freetype-2.3.11-6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Red Hat Bugzilla

8:53 p.m.

New subject: [Bug 613299] CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=613299

Fedora Update System updates@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|freetype-2.3.11-6.fc13 |freetype-2.3.11-6.fc12

-- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

4990

Age (days ago)

5104

Last active (days ago)

fonts-bugs@lists.fedoraproject.org

23 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla