https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1191099 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1191099 [Bug 1191099] CVE-2014-9656 CVE-2014-9657 CVE-2014-9660 CVE-2014-9658 CVE-2014-9659 freetype: various flaws [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=8sjSYr8wjX&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Vasyl Kaigorodov <vkaigoro(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1191102 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LVLQv8HR5e&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 --- Comment #2 from Fedora Update System <updates(a)fedoraproject.org&gt; --- freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fyu8B0bpEK&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Tomas Hoger <thoger(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |low Fixed In Version| |freetype 2.5.4 Summary|CVE-2014-9661 freetype: |CVE-2014-9661 freetype: out |use-after-free in |of bounds read in Type42 |type42/t42parse.c |font parser Whiteboard|impact=moderate,public=2014 |impact=low,public=20141124, |1124,reported=20150210,sour |reported=20150210,source=cv |ce=cve,cvss2=3.7/AV:L/AC:H/ |e,cvss2=4.3/AV:N/AC:M/Au:N/ |Au:N/C:P/I:P/A:P,fedora-all |C:N/I:N/A:P,cwe=CWE-125,rhe |/freetype=affected,rhel-5/f |l-5/freetype=wontfix,rhel-6 |reetype=new,rhel-6/freetype |/freetype=affected,rhel-7/f |=new,rhel-7/freetype=new |reetype=affected,rhev-m-3/m | |ingw-virt-viewer=affected,f | |edora-all/freetype=affected | |,fedora-all/mingw-freetype= | |affected,epel-7/mingw-freet | |ype=affected Severity|medium |low --- Comment #4 from Tomas Hoger <thoger(a)redhat.com&gt; --- Upstream bug is: https://savannah.nongnu.org/bugs/?43659 Issue was fixed upstream in 2.5.4. This is not really a use-after-free issue. The problem rather here is that ttf_data and ttf_size get out of sync. t42_parse_sfnts() can be called multiple times. On the first call, ttf_data is allocated and ttf_size properly set to its size. On a subsequent call, tff_data re-allocated to be shorter, but ttf_size is not updated to match new ttf_data size. This leads to buffer over-read later. In that processing, valid pointer is used, in combination incorrect value indicating buffer size. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2CCyUYPgBB&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Martin Prpic <mprpic(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197738 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=MsmnaPxdVQ&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Martin Prpic <mprpic(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1197740 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=UttgtfSxpU&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Tomas Hoger <thoger(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |ERRATA Last Closed| |2015-03-18 03:40:44 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=eSpeSm0tCK&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Ján Rusnačko <jrusnack(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20141124, |impact=low,public=20141124, |reported=20150210,source=cv |reported=20150210,source=cv |e,cvss2=4.3/AV:N/AC:M/Au:N/ |e,cvss2=4.3/AV:N/AC:M/Au:N/ |C:N/I:N/A:P,cwe=CWE-125,rhe |C:N/I:N/A:P,cwe=CWE-125,rhe |l-5/freetype=wontfix,rhel-6 |l-5/freetype=wontfix,rhel-6 |/freetype=notaffected,rhel- |/freetype=affected,rhel-7/f |7/freetype=affected,rhev-m- |reetype=affected,rhev-m-3/m |3/mingw-virt-viewer=affecte |ingw-virt-viewer=affected,f |d,fedora-all/freetype=affec |edora-all/freetype=affected |ted,fedora-all/mingw-freety |,fedora-all/mingw-freetype= |pe=affected,epel-7/mingw-fr |affected,epel-7/mingw-freet |eetype=affected |ype=affected -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dC5hUoC87a&a=cc_unsubscribe