rpms/freetype1/F-11 cve-2006-1861.patch, NONE, 1.1 cve-2007-2754.patch, NONE, 1.1
Adam Jackson
ajax at fedoraproject.org
Tue May 26 20:29:58 UTC 2009
Author: ajax
Update of /cvs/pkgs/rpms/freetype1/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29730
Added Files:
cve-2006-1861.patch cve-2007-2754.patch
Log Message:
* Tue May 26 2009 Adam Jackson <ajax at redhat.com> 1.4-0.8.pre
- cve-2006-1861.patch, cve-2007-2754.patch: Port of freetype2 fixes. (#502565)
cve-2006-1861.patch:
--- NEW FILE cve-2006-1861.patch ---
diff -up freetype-pre1.4/lib/ttgload.c.freetype-pre1.4-CVE-2006-1861-null-pointer freetype-pre1.4/lib/ttgload.c
--- freetype-pre1.4/lib/ttgload.c.freetype-pre1.4-CVE-2006-1861-null-pointer 2009-05-12 19:40:52.000000000 -0400
+++ freetype-pre1.4/lib/ttgload.c 2009-05-12 19:41:03.000000000 -0400
@@ -270,6 +270,10 @@
j = 0;
flag = exec->pts.touch;
+ /* CVE-2006-1861 */
+ if ( flag == NULL )
+ return TT_Err_Invalid_Composite; /* for lack of a better err code */
+
while ( j < n_points )
{
Byte c, cnt;
cve-2007-2754.patch:
--- NEW FILE cve-2007-2754.patch ---
diff -up freetype-pre1.4/lib/ttgload.c.ttf-overflow freetype-pre1.4/lib/ttgload.c
--- freetype-pre1.4/lib/ttgload.c.ttf-overflow 2009-05-12 19:25:25.000000000 -0400
+++ freetype-pre1.4/lib/ttgload.c 2009-05-12 19:28:15.000000000 -0400
@@ -236,7 +236,7 @@
FORGET_Frame();
- if ( n_points > left_points )
+ if ( n_points < 0 || n_points > left_points )
{
PTRACE0(( "ERROR: Too many points in glyph %ld\n", subg->index ));
return TT_Err_Too_Many_Points;
More information about the fonts-bugs
mailing list