https://bugzilla.redhat.com/show_bug.cgi?id=1890210
--- Comment #14 from Todd Cullum <tcullum(a)redhat.com> ---
Statement:
Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6,
bundle a version (2.4.11) of freetype in gtk3-private, the version is not
affected by this flaw because the vulnerable code was introduced in a
subsequent version of freetype. The freetype package shipped with Red Hat
Enterprise Linux 5 and 6 is not affected as the vulnerable code was introduced
in a subsequent version of freetype.
go-freetype as shipped with Red Hat Advanced Cluster Management for Kubernetes
is not affected by this flaw because it ships a pure go implementation of
freetype which does not include the vulnerable code.
--
You are receiving this mail because:
You are on the CC list for the bug.