Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Sep 2015 07:27:21 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: 2 FreeType issues

Hello,

I don't believe these two FreeType issues have assigned CVEs:

1- Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix
and t1_parse_font_matrix

https://savannah.nongnu.org/bugs/?41309
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1

https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619


2- infinite loop in parse_encoding (t1load.c)

https://savannah.nongnu.org/bugs/index.php?41590
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75

https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620


Could CVEs please be assigned to them?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ