https://bugzilla.redhat.com/show_bug.cgi?id=1191081
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Status|NEW |CLOSED
Fixed In Version| |freetype 2.5.4
Resolution|--- |NOTABUG
Whiteboard|impact=moderate,public=2014 |impact=important,public=201
|1124,reported=20150210,sour |41124,reported=20150210,sou
|ce=cve,cvss2=3.7/AV:L/AC:H/ |rce=cve,cvss2=6.8/AV:N/AC:M
|Au:N/C:P/I:P/A:P,fedora-all |/Au:N/C:P/I:P/A:P,rhel-4/fr
|/freetype=affected,rhel-5/f |eetype=notaffected,rhel-5/f
|reetype=new,rhel-6/freetype |reetype=notaffected,rhel-6/
|=new,rhel-7/freetype=new |freetype=notaffected,rhel-7
| |/freetype=notaffected,rhev-
| |m-3/mingw-virt-viewer=notaf
| |fected,fedora-all/freetype=
| |affected,fedora-all/mingw-f
| |reetype=affected,epel-7/min
| |gw-freetype=affected
Severity|medium |high
Last Closed| |2015-02-19 17:04:40
--- Comment #3 from Tomas Hoger <thoger(a)redhat.com> ---
Upstream bug is:
https://savannah.nongnu.org/bugs/?43661
Issue was fixed upstream in 2.5.4.
Report indicates this is issue is an incomplete fix / variant of the
CVE-2014-2240 issue (bug 1074646). It affect code which was introduced in
upstream version 2.4.12, and enabled by default in 2.5. The affected code is
not in freetype packages in Red Hat Enterprise Linux 7 and earlier.
Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=fxqvwlT1s1&a=cc_unsubscribe