fonts-bugs March 2016

fonts-bugs@lists.fedoraproject.org

2 participants
93 discussions

[Bug 507292] New: [RFE] Allow wildcards/regexps in rpm deps
by Red Hat Bugzilla 11 Mar '16

11 Mar '16

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: [RFE] Allow wildcards/regexps in rpm deps https://bugzilla.redhat.com/show_bug.cgi?id=507292 Summary: [RFE] Allow wildcards/regexps in rpm deps Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: low Component: rpm AssignedTo: pmatilai(a)redhat.com ReportedBy: nicolas.mailhot(a)laposte.net QAContact: extras-qa(a)fedoraproject.org CC: pmatilai(a)redhat.com, jnovy(a)redhat.com, ffesti(a)redhat.com, fedora-fonts-bugs-list(a)redhat.com Classification: Fedora (this is mostly a yum-level RFE, but it would be nice if we kept the same depsolving logic in both apps) The problem: Selecting a font is a multi-criterium operation. We need to match on font family, font style, language support, unicode support, etc. At any time all of just some of those selection criterii can be provided by the user or applications. To have features like font auto-installation work reliably, this matching needs to extend to the package database Right now rpm is only allowing to specify atomic provides, so we can have a font package that Provides font(dejavusans) and Provides font(:lang=el) but there is no warranty both those provides are belonging to the same font. There is no way to distinguish between a package that includes an actual greek dejavusans and a package that includes a dejavusans greek-less file and another totally different greek font To workaround this rpm limitation we've been asking packagers to put font files belonging to different font families in different packages. However: 1. many still don't 2. it's not technically possible for all font formats, for example the ttc font format allows mixing of fonts with different characteristics in a single file The ideal solution: Ability to have Provides like: font(comma-separated font name list|comma-separated style list|comma-separated lang list) (rough mockup that probably needs refining) And have deps like (dejavu|*|el) work in rpm (yes a font can declare many different names, be available in many different styles, cover many different languages) For ttc files we'd then generate one Provides for each font included in the ttc bundle -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 14

[Bug 890087] CVE-2012-5668 freetype: NULL Pointer Dereference in bdf_free_font (#37905)
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 487070] New: CVE-2006-3467 CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: CVE-2006-3467 CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861 Alias: CVE-2006-3467 https://bugzilla.redhat.com/show_bug.cgi?id=487070 Summary: CVE-2006-3467 CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861 Product: Security Response Version: unspecified Platform: All URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-20 06-3467 OS/Version: Linux Status: NEW Status Whiteboard: impact=moderate,source=rehdat,reported=20060710,public =20060718 Keywords: Security Severity: medium Priority: medium Component: vulnerability AssignedTo: security-response-team(a)redhat.com ReportedBy: vdanen(a)redhat.com CC: ajax(a)redhat.com, fedora-fonts-bugs-list(a)redhat.com Classification: Other Target Release: --- Common Vulnerabilities and Exposures assigned an identifier CVE-2006-3467 to the following vulnerability: Name: CVE-2006-3467 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467 Assigned: 20060710 Reference: URL: http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded Reference: MISC: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 8

[Bug 613194] CVE-2010-2519 freetype: heap buffer overflow vulnerability when processing certain font files
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 890094] CVE-2012-5670 freetype: Out-of-bounds write in _bdf_parse_glyphs() (#37907)
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 621980] CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 450774] CVE-2008-1808 FreeType off-by-one flaws
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=450774 Ján Rusnačko <jrusnack(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|source=internet,public=2008 |source=internet,public=2008 |0610,reported=20080610,impa |0610,reported=20080610,impa |ct=important |ct=important,cwe=CWE-193[au | |to] -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1262377] New: freetype: Infinite loop in parse_encoding in t1load.c
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262377 Bug ID: 1262377 Summary: freetype: Infinite loop in parse_encoding in t1load.c Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop. Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0… CVE request: http://seclists.org/oss-sec/2015/q3/537 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=iemI0CxmQI&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs(a)lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

1 15

[Bug 613167] CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs March 2016