Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Aug 2010 17:07:22 +0200
From: Robert Święcki <robert@...ecki.net>
To: Werner LEMBERG <wl@....org>
Cc: oss-security@...ts.openwall.com, bthomas@...le.com, bressers@...hat.com
Subject: Re: CVE Request -- FreeType -- Memory corruption flaw
 by processing certain LWFN fonts + three more

Looks like it's been fixed with
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a205b3ca85d2d78aac71ea3c1df104972031d6ad

Thanks Werner, you're awesome when it comes to fixing security bugs.

On Tue, Aug 10, 2010 at 1:51 AM, Werner LEMBERG <wl@....org> wrote:
>
>>>> So these issues are going to be addressed in upcoming 2.4.3, right?
>>>> They still affect 2.4.2?
>>>
>>> All of these issues are fixed in 2.4.2 already.
>>
>> Thanks,
>>
>> I've added
>>
>> https://savannah.nongnu.org/bugs/index.php?30719
>>
>> which is offspring of https://savannah.nongnu.org/bugs/index.php?30657
>
> This looks like a pure 64bit issue, and I don't have access to such a
> machine which makes debugging very hard for me :(
>
> Any help is greatly appreciated.
>
>
>    Werner
>



-- 
Robert Święcki

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.