Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 Dec 2012 20:19:00 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>,
        Mateusz Jurczyk <j00ru.vx@...il.com>
Subject: Re: CVE Request - Multiple security fixes in freetype
 - 2.4.11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/24/2012 06:58 PM, Huzaifa Sidhpurwala wrote:
> Merry Christmas!
> 
> Multiple security issues were reported by Mateusz Jurczyk of
> Google security team. These have been fixed in freetype 2.4.11 
> Details are as follows.
> 
> * NULL Pointer Dereference in bdf_free_font Bug:
> https://savannah.nongnu.org/bugs/?37905 Patch: 
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

Please
> 
use CVE-2012-5668 for this issue.

> * Out-of-bounds read in _bdf_parse_glyphs Bug:
> https://savannah.nongnu.org/bugs/?37906 Patch: 
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

Please
> 
use CVE-2012-5669 for this issue.

> * Out-of-bounds write in _bdf_parse_glyphs Bug:
> https://savannah.nongnu.org/bugs/?37907 Patch: 
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8

Please
> 
use CVE-2012-5670 for this issue.


> Can CVEs be please assigned to these issues?
> 
> Thanks!
> 



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQ2RsfAAoJEBYNRVNeJnmT49IP/0OTKhq+GuD4V69fmVPEi7Bm
f5+kCi6mpYhxPmGs0uHRJFe6NFxgIRVQ4z/bMGyjGhlsoFMl8wNuPxLPcLvBtCoH
GIkU7Znji7ap1t6t/+rfTIA0xGq3itGz2nG0XVrAj/U/TMASsBS9hksqw9GdQO+p
D7XmlZXzFKRzlTooP7zcxkn1ZuLc/RZQH8KSfMuLXwVrA4At0cg5/IkbhzWNTLaH
OnbvNixPax7clADZV3/P1myun14yU63lqVjUTR6j4HNpVYX1nw3i3foMx//l1ieh
m3aYslRftjSCAX1CAX/SsQosgoJUv4/PUHDwJ14kLqlNXfmmduAs9U3hOeuBROM7
Zc1b7DmYQ8ocpGtOShqqg2PeQ7JfshYHyqxTmSi/D2AxhjdTyTLXW3Ce7mHwabh/
GUU+ugy2NFTdZvTLvZ0+9AYXvo50K6KK5Qelb14ovzpEXehZDeHk6HsjvRvqf6IM
jquy1oHV4nX0/3mnP/y1wfpCfrBQ8LX8qXu78wbjaLH58GNIEgpowNT1GI7FidX7
WBKo1T2MlUBgd2pezy3lCW8KouBUc3yujdBLoXpOafkyI1IbXn+UlybAZZMWo9SE
os9srumXOjFb03PmueixZYr/S2iDZMtwVeYWl3OTkxw/l/vMGUmQQHcYlU/8LQJq
fWvJbv2ZN6+/jiNbM3gM
=/y1l
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.