List:       oss-security
Subject:    Re: [oss-security] CVE Request - Multiple security fixes in freetype - 2.4.11
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-12-25 3:19:00
Message-ID: 50D91B24.5030500 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/24/2012 06:58 PM, Huzaifa Sidhpurwala wrote:
> Merry Christmas!
> 
> Multiple security issues were reported by Mateusz Jurczyk of
> Google security team. These have been fixed in freetype 2.4.11.
> Details are as follows.
> 
> * NULL Pointer Dereference in bdf_free_font
>   Bug: https://savannah.nongnu.org/bugs/?37905
>   Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

Please use CVE-2012-5668 for this issue.

> * Out-of-bounds read in _bdf_parse_glyphs
>   Bug: https://savannah.nongnu.org/bugs/?37906
>   Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

Please use CVE-2012-5669 for this issue.

> * Out-of-bounds write in _bdf_parse_glyphs
>   Bug: https://savannah.nongnu.org/bugs/?37907
>   Patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8

Please use CVE-2012-5670 for this issue.


> Can CVEs be please assigned to these issues?
> 
> Thanks!
> 



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

-----END PGP SIGNATURE-----