May 2018 - fonts-bugs - Fedora Mailing-Lists

[Bug 1444904] New: CVE-2017-7858 freetype: out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face functions

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444904 Bug ID: 1444904 Summary: CVE-2017-7858 freetype: out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face functions Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=77930... -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
6
0 / 0

[Bug 1444898] New: CVE-2017-7857 freetype: heap-based buffer overflow related to the TT_Get_MM_Var function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444898 Bug ID: 1444898 Summary: CVE-2017-7857 freetype: heap-based buffer overflow related to the TT_Get_MM_Var function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb9... -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
6
0 / 0

[Bug 1444895] New: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444895 Bug ID: 1444895 Summary: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
6
0 / 0

[Bug 1446500] New: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1446500 Bug ID: 1446500 Summary: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c... -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
7
0 / 0

[Bug 1423225] New: apanov-edrip-fonts: FTBFS in rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1423225 Bug ID: 1423225 Summary: apanov-edrip-fonts: FTBFS in rawhide Product: Fedora Version: rawhide Component: apanov-edrip-fonts Assignee: nicolas.mailhot(a)laposte.net Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk Blocks: 1423041 Your package apanov-edrip-fonts failed to build from source in current rawhide. https://koji.fedoraproject.org/koji/taskinfo?taskID=17710156 For details on mass rebuild see https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1423041 [Bug 1423041] Fedora 26 Mass Rebuild FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
5
0 / 0

[Bug 1271620] New: please update spec templates as per latest guidelines

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1271620 Bug ID: 1271620 Summary: please update spec templates as per latest guidelines Product: Fedora Version: 23 Component: fontpackages Assignee: nicolas.mailhot(a)laposte.net Reporter: kvolny(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk, tagoh(a)redhat.com Description of problem: I'm trying to package a font. While filing the spec template, I have found that there is: %install rm -fr %{buildroot} but the buildroot is now cleaned automatically so the `rm` command should not be present. Please update the spec templates according to the latest guidelines. Also note that there may be other deviations from current packaging guidelines that I have overlooked ... Version-Release number of selected component (if applicable): fontpackages-devel-1.44-14.fc23.noarch -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=162cGuTqJk&a=cc_unsubscribe

5 years, 11 months

2
5
0 / 0

[Bug 1509696] Drop google-android-emoji-fonts

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1509696 --- Comment #10 from Mike FABIAN <mfabian(a)redhat.com> --- (In reply to Nicolas Mailhot from comment #9) > Removing the font will break formatting of all existing documents that use > it since other emoji fonts will have different metrics. You can not remove > old fonts because better one appeared, no one wants to re-layout existing > documents. > > Symbola is a dead end since it just changed licensing to non-free Oh, what a pity! It is such a nice font. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

[Bug 1544776] New: CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1544776 Bug ID: 1544776 Summary: CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all] Product: Fedora Version: 27 Component: freetype Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mkasik(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ajax(a)redhat.com, alexl(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org, mbarnes(a)fastmail.com, mclasen(a)redhat.com, mkasik(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
11
0 / 0

[Bug 1544774] New: CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1544774 Bug ID: 1544774 Summary: CVE-2018-6942 freetype: NULL pointer dereference in the Ins_GETVARIATION() function [fedora-all] Product: Fedora Version: 27 Component: freetype Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mkasik(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ajax(a)redhat.com, alexl(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org, mbarnes(a)fastmail.com, mclasen(a)redhat.com, mkasik(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
1
0 / 0

[Bug 1583298] New: Provided man pages are not included in freetype-demos

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1583298 Bug ID: 1583298 Summary: Provided man pages are not included in freetype-demos Product: Fedora Version: rawhide Component: freetype Assignee: mkasik(a)redhat.com Reporter: apodtele(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: ajax(a)redhat.com, alexl(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org, mbarnes(a)fastmail.com, mclasen(a)redhat.com, mkasik(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com FreeType demo tools come with man pages as src/*.1 files. Please package them into freetype-demos RPM. Let me know if they are problematic. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs May 2018