[Bug 749174] New: CVE-2011-3256 FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation [fedora-all]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=749174
Summary: CVE-2011-3256 FreeType FT_Bitmap_New integer overflow
to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas
improper input validation [fedora-all]
Product: Fedora
Version: 15
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Component: freetype
AssignedTo: mkasik(a)redhat.com
ReportedBy: rcvalle(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org, kevin(a)tigcc.ticalc.org,
fonts-bugs(a)lists.fedoraproject.org, mkasik(a)redhat.com
Blocks: 746226
Classification: Fedora
Story Points: ---
Type: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=746226
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[Bug 752538] gtk2 widgets too "tight"
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=752538
Nicolas Mailhot <nicolas.mailhot(a)laposte.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bl.bugs(a)gmail.com
--- Comment #17 from Nicolas Mailhot <nicolas.mailhot(a)laposte.net> 2011-12-07 05:56:02 EST ---
A problem at this level needs to be tackled upstream, let's see if eimai has an
opinion here
libpng 1.5 and moving to snapshots of FontForge?
by Paul Flo Williams
I've just submitted a patch upstream that should take care of the
remaining libpng 1.5 issues and I'm just pausing for feedback before
incorporating it into Rawhide to fix our FTBFS.
However, it strikes me that it might be possible to bring our package
closer to upstream and pretty much stay there by using git snapshots. I
suggest this because:
1. FontForge hasn't seen any user interface changes since, ooh, the 18th
century? If you watch upstream, nearly every change is a bug fix that
doesn't result in a change to the user experience, meaning we could push
to Fedora N-1 without breaking our guidelines.
2. Uncle George's releases just seem to be a roll-up of changes done at
arbitrary time intervals rather than being feature changes.
I'm not proposing a release a week, but taking a sensible view on fixes
that we might want to take wholesale rather than as patches.
--
Paul Flo Williams
http://hisdeedsaredust.com/category/fonts/feed
[Bug 752538] gtk2 widgets too "tight"
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=752538
--- Comment #16 from Pierre Ossman <pierre-bugzilla(a)ossman.eu> 2011-12-06 11:52:42 EST ---
I installed FontForge and had a look at said glyph. Using the guide lines I
determined that the ascent and descent is ~1990 and ~-620 respectively. This in
contrast with the global values:
ascent: 1901
descent: -483
So I guess this is clearly a bug in the font then?
Is there some way to override these settings to test?
[fontforge] Rebuild for new libpng
by Adam Jackson
commit cb2a460f9f85412aa0298da3a225076e9ef04a3c
Author: Adam Jackson <ajax(a)redhat.com>
Date: Mon Dec 5 23:06:02 2011 -0500
Rebuild for new libpng
fontforge.spec | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/fontforge.spec b/fontforge.spec
index d99903d..79cfd93 100644
--- a/fontforge.spec
+++ b/fontforge.spec
@@ -5,7 +5,7 @@
Name: fontforge
Version: 20110222
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Outline and bitmap font editor
Group: Applications/Publishing
@@ -149,6 +149,9 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
%{_libdir}/pkgconfig/*.pc
%changelog
+* Tue Dec 06 2011 Adam Jackson <ajax(a)redhat.com> - 20110222-5
+- Rebuild for new libpng
+
* Thu Apr 07 2011 Parag Nemade <paragn AT fedoraproject.org> - 2011022-4
- Add patch for multilib. Fixes bug #694409
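Review bot: the new %changelog entry ("Rebuild for new libpng") does not name the libpng version the rebuild targets, so the entry cannot be used later to tell which builds were linked against which library; adding the version would fix that. Separately, the unchanged entry just below it is stamped 2011022-4 while the Version tag in this spec is 20110222, which looks like a dropped digit and is worth correcting in a follow-up.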
[Bug 753837] New: CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=753837
Summary: CVE-2011-3439 freetype: Multiple security flaws when
loading CID-keyed Type 1 fonts [fedora-all]
Product: Fedora
Version: 15
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Component: freetype
AssignedTo: mkasik(a)redhat.com
ReportedBy: jlieskov(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org, kevin(a)tigcc.ticalc.org,
fonts-bugs(a)lists.fedoraproject.org, mkasik(a)redhat.com
Blocks: 753799
Classification: Fedora
Story Points: ---
Type: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=753799
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]