November 2017 - fonts-bugs - Fedora Mailing-Lists

[Bug 1475398] New: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 fontforge : various flaws [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475398 Bug ID: 1475398 Summary: CVE-2017-11568 CVE-2017-11569 CVE-2017-11570 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 fontforge: various flaws [fedora-all] Product: Fedora Version: 26 Component: fontforge Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: kevin(a)scrye.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
13
0 / 0

[Bug 1475397] New: CVE-2017-11577 fontforge: Buffer over-read in getsid function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475397 Bug ID: 1475397 Summary: CVE-2017-11577 fontforge: Buffer over-read in getsid function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3088 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475396] New: CVE-2017-11576 fontforge: Does not ensure a positive size in a weight vector memcpy call in readcfftopdict function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475396 Bug ID: 1475396 Summary: CVE-2017-11576 fontforge: Does not ensure a positive size in a weight vector memcpy call in readcfftopdict function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3091 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475393] New: CVE-2017-11575 fontforge: Buffer over-read in strnmatch function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475393 Bug ID: 1475393 Summary: CVE-2017-11575 fontforge: Buffer over-read in strnmatch function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. Upstream issue: https://github.com/fontforge/fontforge/issues/3096 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475392] New: CVE-2017-11574 fontforge: Heap-based buffer overflow in readcffset function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475392 Bug ID: 1475392 Summary: CVE-2017-11574 fontforge: Heap-based buffer overflow in readcffset function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3090 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475391] New: CVE-2017-11573 fontforge: Buffer over-read in ValidatePostScriptFontName function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475391 Bug ID: 1475391 Summary: CVE-2017-11573 fontforge: Buffer over-read in ValidatePostScriptFontName function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3098 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
3
0 / 0

[Bug 1475390] New: CVE-2017-11572 fontforge: Heap-based buffer over-read in readcfftopidcts function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475390 Bug ID: 1475390 Summary: CVE-2017-11572 fontforge: Heap-based buffer over-read in readcfftopidcts function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3092 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475389] New: CVE-2017-11571 fontforge: Stack-buffer overflow in addnibble function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475389 Bug ID: 1475389 Summary: CVE-2017-11571 fontforge: Stack-buffer overflow in addnibble function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3087 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

[Bug 1475388] New: CVE-2017-11570 fontforge: Buffer over-read in umodenc function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475388 Bug ID: 1475388 Summary: CVE-2017-11570 fontforge: Buffer over-read in umodenc function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3097 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
3
0 / 0

[Bug 1475386] New: CVE-2017-11569 fontforge: Heap-buffer over-read in readttfcopyrights function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1475386 Bug ID: 1475386 Summary: CVE-2017-11569 fontforge: Heap-buffer over-read in readttfcopyrights function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, paul(a)frixxon.co.uk, pnemade(a)redhat.com FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS via a crafted otf file. Upstream issue: https://github.com/fontforge/fontforge/issues/3093 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 2 months

1
4
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs November 2017