https://bugzilla.redhat.com/show_bug.cgi?id=1500690
Bug ID: 1500690
Summary: CVE-2017-13720 libXfont: Insufficient input validation in fontdir.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: ajax(a)redhat.com, alexl(a)redhat.com,
btissoir(a)redhat.com, caillon+fedoraproject(a)gmail.com,
caolanm(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org,
jglisse(a)redhat.com, john.j5live(a)gmail.com,
mbarnes(a)fastmail.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com
It was discovered that libXfont incorrectly handled certain patterns in
PatternMatch. A local attacker could use this issue to cause libXfont to
crash, resulting in a denial of service, or possibly obtain sensitive
information.
Upstream patch:
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b870…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1445925
Eric L. <eklawl01(a)gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1278012 is obsolete|0 |1
--- Comment #25 from Eric L. <eklawl01(a)gmail.com> ---
Created attachment 1399007
--> https://bugzilla.redhat.com/attachment.cgi?id=1399007&action=edit
February 2018 font list
https://bugzilla.redhat.com/show_bug.cgi?id=1445925
--- Comment #24 from Eric L. <eklawl01(a)gmail.com> ---
I still have the same crash. I will upload a fresh copy of my font list, but I
don't believe it has changed from the 2017-05-11 upload.
4.14.14-200.fc26.x86_64 #1 SMP Fri Jan 19 13:27:06 UTC 2018 x86_64 x86_64
x86_64 GNU/Linux
Installed Packages
gimp.x86_64 2:2.8.22-2.fc26.3 @updates
pango.i686 1.40.12-1.fc26 @updates
pango.x86_64 1.40.12-1.fc26 @updates
https://bugzilla.redhat.com/show_bug.cgi?id=1445925
sachin <spathare(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |spathare(a)redhat.com
Version|26 |27
--- Comment #23 from sachin <spathare(a)redhat.com> ---
@Eric I tested it on F27 and was unable to reproduce it.
Can you please provide a list of the font names you have installed?
https://bugzilla.redhat.com/show_bug.cgi?id=1544771
Bug ID: 1544771
Summary: CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: ajax(a)redhat.com, alexl(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org,
mbarnes(a)fastmail.com, mclasen(a)redhat.com,
mkasik(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference
in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a
crafted font file.
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c7592…
https://bugzilla.redhat.com/show_bug.cgi?id=1514274
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
Last Closed| |2018-02-20 12:12:57
--- Comment #35 from Fedora Update System <updates(a)fedoraproject.org> ---
twitter-twemoji-fonts-2.4.0-1.fc27 has been pushed to the Fedora 27 stable
repository. If problems still persist, please make note of it in this bug
report.
https://bugzilla.redhat.com/show_bug.cgi?id=1258542
--- Comment #37 from Shawn Starr <shawn.starr(a)rogers.com> ---
Not forgotten... I am seeing the reviews blocking this are getting closer to
being done.
https://bugzilla.redhat.com/show_bug.cgi?id=1258542
Bug 1258542 depends on bug 1440971, which changed state.
Bug 1440971 Summary: Review Request: python-pyclipper - Cython wrapper for the C++ translation of the Angus Johnson's Clipper library
https://bugzilla.redhat.com/show_bug.cgi?id=1440971
What |Removed |Added
----------------------------------------------------------------------------
Status|POST |CLOSED
Resolution|--- |RAWHIDE
https://bugzilla.redhat.com/show_bug.cgi?id=1542272
Bug ID: 1542272
Summary: fonttools-3.22.0 is available
Product: Fedora
Version: rawhide
Component: fonttools
Keywords: FutureFeature, Triaged
Assignee: pnemade(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
pnemade(a)redhat.com, sshedmak(a)redhat.com
Latest upstream release: 3.22.0
Current version/release in rawhide: 3.21.2-1.fc28
URL: https://github.com/fonttools/fonttools/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7388/
https://bugzilla.redhat.com/show_bug.cgi?id=1514274
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |ON_QA
--- Comment #34 from Fedora Update System <updates(a)fedoraproject.org> ---
twitter-twemoji-fonts-2.4.0-1.fc27 has been pushed to the Fedora 27 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-86ff582bf9