March 2012 - fonts-bugs - Fedora Mailing-Lists

[Bug 800597] CVE-2012-1138 freetype: heap OOB read in the MIRP instruction implementation in TTF BCI (#35646)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800597 Tomas Hoger <thoger(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|CVE-2012-1138 freetype: |CVE-2012-1138 freetype: |Out-of heap-based buffer |heap OOB read in the MIRP |read in the TrueType |instruction implementation |bytecode interpreter by |in TTF BCI (#35646) |executing the MIRP | |instruction (FU#35646) | Status Whiteboard|impact=low,public=20120227, |impact=low,public=20120227, |reported=20120302,source=go |reported=20120302,source=se |ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=4.3/AV:N/AC:M/ |:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre |ype=new,rhel-6/freetype=new |etype=notaffected,rhel-6/fr |,fedora-all/freetype=new |eetype=notaffected,fedora-a | |ll/freetype=affected --- Comment #2 from Tomas Hoger <thoger(a)redhat.com> 2012-03-14 13:27:57 EDT --- This flaw is in the TrueType bytecode interpreter (BCI) implementation. BCI is not enabled in Red Hat Enterprise Linux 4, 5, and 6 freetype packages (it was disabled by default upstream because of the patent concerns). BCI support is now enabled by default in upstream versions 2.4 and later, as relevant patents expired: http://www.freetype.org/patents.html Statement: Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode interpreter. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800587] CVE-2012-1130 freetype: Out-of heap-based buffer read by loading properties of PCF fonts (FU#35603)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800587 --- Comment #2 from Jan Lieskovsky <jlieskov(a)redhat.com> 2012-03-14 13:19:56 EDT --- This issue affects the versions of the freetype package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the versions of the freetype package, as shipped with Fedora release of 15 and 16. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800587] CVE-2012-1130 freetype: Out-of heap-based buffer read by loading properties of PCF fonts (FU#35603)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800587 Jan Lieskovsky <jlieskov(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223, |reported=20120302,source=go |reported=20120302,source=go |ogle,cvss2=4.3/AV:N/AC:M/Au |ogle,cvss2=4.3/AV:N/AC:M/Au |:N/C:N/I:N/A:P,rhel-5/freet |:N/C:N/I:N/A:P,rhel-5/freet |ype=new,rhel-6/freetype=new |ype=affected,rhel-6/freetyp |,fedora-all/freetype=new |e=affected,fedora-all/freet | |ype=affected -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 800584] CVE-2012-1128 freetype: NULL dereference in the SHZ instruction implementation in TTF BCI (#35601)

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=800584 Tomas Hoger <thoger(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|CVE-2012-1128 freetype: |CVE-2012-1128 freetype: |NULL pointer dereference by |NULL dereference in the SHZ |moving zone2 pointer point |instruction implementation |for certain TrueType font |in TTF BCI (#35601) |(FU#35601) | Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223, |reported=20120302,source=go |reported=20120302,source=se |ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=4.3/AV:N/AC:M/ |:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre |ype=notaffected,rhel-6/free |etype=notaffected,rhel-6/fr |type=notaffected,fedora-all |eetype=notaffected,fedora-a |/freetype=affected |ll/freetype=affected --- Comment #5 from Tomas Hoger <thoger(a)redhat.com> 2012-03-14 13:05:45 EDT --- This flaw is in the TrueType bytecode interpreter (BCI) implementation. BCI is not enabled in Red Hat Enterprise Linux 4, 5, and 6 freetype packages (it was disabled by default upstream because of the patent concerns). BCI support is now enabled by default in upstream versions 2.4 and later, as relevant patents expired: http://www.freetype.org/patents.html Statement: Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable TrueType bytecode interpreter. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 803192] [gu_IN]-Lohit Gujarati is displayed in serif

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=803192 Pravin Satpute <psatpute(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #3 from Pravin Satpute <psatpute(a)redhat.com> 2012-03-14 05:47:33 EDT --- Never did this for Lohit, in fact same is observed in other Indian fonts. http://www.panose.com/ProductsServices/pan2.aspx After correcting panose values getting expected output. Need to do this for all Lohit fonts. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 803192] [gu_IN]-Lohit Gujarati is displayed in serif

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=803192 --- Comment #2 from Akira TAGOH <tagoh(a)redhat.com> 2012-03-14 04:58:33 EDT --- just filed an RFE for a workaround. see Bug#803220. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[Bug 803192] [gu_IN]-Lohit Gujarati is displayed in serif

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=803192 Akira TAGOH <tagoh(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fonts-bugs(a)lists.fedoraproj | |ect.org Component|fonts-tweak-tool |lohit-gujarati-fonts AssignedTo|jni(a)redhat.com |psatpute(a)redhat.com --- Comment #1 from Akira TAGOH <tagoh(a)redhat.com> 2012-03-14 04:43:21 EDT --- This is determined by the panose in the font. Lohit Gujarati should have the certain value in it. http://www.monotypeimaging.com/ProductsServices/pan1.aspx -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 3 months

1
0
0 / 0

[vlgothic-fonts/f15] New upstream release.

by Akira TAGOH

Summary of changes: f173d06... New upstream release. (*) (*) This commit already existed in another branch; no separate mail sent

12 years, 3 months

1
0
0 / 0

[vlgothic-fonts/f16] New upstream release.

by Akira TAGOH

Summary of changes: f173d06... New upstream release. (*) (*) This commit already existed in another branch; no separate mail sent

12 years, 3 months

1
0
0 / 0

[vlgothic-fonts/f17] New upstream release.

by Akira TAGOH

Summary of changes: f173d06... New upstream release. (*) (*) This commit already existed in another branch; no separate mail sent

12 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs March 2012