Date: Thu, 22 Jul 2010 15:45:27 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Werner Lemberg <wl@....org>, Marek Kasik <mkasik@...hat.com>
Subject: Another freetype-demos buffer overflow

Hello everyone,

While fixing CVE-2010-2527, one of our developers, Marek Kašík, discovered
an additional buffer overflow in the ftmulti demo program.

I've assigned it CVE-2010-2541. There is more information in our bug:
https://bugzilla.redhat.com/show_bug.cgi?id=617342

Upstream was told and added a partial fix to their git:
http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=3636982a7666bcfa0e47fb31d565314d1b3e7d78

I've attached a patch to the Red Hat bug that we're using.

Thanks.

-- 
    JB
