[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

bugzilla at redhat.com bugzilla at redhat.com
Sat Jul 10 00:28:21 UTC 2010



https://bugzilla.redhat.com/show_bug.cgi?id=613198

Vincent Danen <vdanen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG
  Status Whiteboard (removed):
    public=20100609,reported=20100702,source=vendorsec,impact=important,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected
  Status Whiteboard (added):
    public=20100609,reported=20100702,source=vendorsec,impact=important,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,fedora-all/freetype=notaffected

--- Comment #1 from Vincent Danen <vdanen at redhat.com> 2010-07-09 20:28:20 EDT ---
Provided we never enable truetype bytecode support (doubtful since it's
patented) this won't affect any version of freetype we ship.

Users that have rebuilt freetype with truetype bytecode support enabled will
probably want to patch this and rebuild again to get the fix, or revert to the
(supported) version of freetype as provided (with truetype bytecode support
disabled).
