Date: Wed, 12 Mar 2014 06:49:14 -0400 (EDT)
From: cve-assign@...re.org
To: geissert@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Two stack-based issues in freetype [NOT a request]

> If I understood things correctly, CVE-2014-2240 is:
> https://savannah.nongnu.org/bugs/?41697#comment0
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6
> 
> While CVE-2014-2241 is:
> https://savannah.nongnu.org/bugs/?41697#comment2
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969

Yes, those are the correct references for those two CVEs. We are not
sure why "Two stack-based issues" was in the Subject line.
CVE-2014-2241 is a reachable assertion (CWE-617) not a stack-based
buffer overflow (CWE-121).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
