[freetype/f14/master] Fix CVE-2010-3855
mkasik
mkasik at fedoraproject.org
Mon Nov 15 10:16:03 UTC 2010
commit 121ba062356c21140c559745c9eaa6df24ad4dfb
Author: Marek Kasik <mkasik at redhat.com>
Date: Mon Nov 15 10:31:38 2010 +0100
Fix CVE-2010-3855
Add freetype-2.4.2-CVE-2010-3855.patch
(Protect against invalid `runcnt' values.)
Resolves: #651764
freetype-2.4.2-CVE-2010-3855.patch | 20 ++++++++++++++++++++
freetype.spec | 9 ++++++++-
2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/freetype-2.4.2-CVE-2010-3855.patch b/freetype-2.4.2-CVE-2010-3855.patch
new file mode 100644
index 0000000..9a674c7
--- /dev/null
+++ b/freetype-2.4.2-CVE-2010-3855.patch
@@ -0,0 +1,20 @@
+--- freetype-2.4.2/src/truetype/ttgxvar.c 2010-07-12 21:03:49.000000000 +0200
++++ freetype-2.4.2/src/truetype/ttgxvar.c 2010-11-15 10:23:12.725915774 +0100
+@@ -154,7 +154,7 @@
+ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
+ first = points[i++] = FT_GET_USHORT();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ /* first point not included in runcount */
+@@ -165,7 +165,7 @@
+ {
+ first = points[i++] = FT_GET_BYTE();
+
+- if ( runcnt < 1 )
++ if ( runcnt < 1 || i + runcnt >= n )
+ goto Exit;
+
+ for ( j = 0; j < runcnt; ++j )
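Review bot: The added guard `i + runcnt >= n` in both branches looks one step stricter than the loop it protects. After `points[i++]` the loop `for ( j = 0; j < runcnt; ++j )` stores to indices i through i + runcnt - 1, so a run ending exactly on the last slot (i + runcnt == n) is rejected although it would stay in bounds. This assumes `points` holds n entries; the allocation is outside the hunk. The check fails safe and does stop the out-of-bounds write, but `if ( runcnt < 1 || i + runcnt > n )` would keep that protection without bailing out on a well-formed packed point list. The first store `points[i++]` runs before the guard in both branches, so its safety rests on the enclosing loop condition, which is also not visible here; a comment such as `/* i < n is guaranteed by the loop condition */` would record that invariant.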
diff --git a/freetype.spec b/freetype.spec
index 46c2bbd..8b0a3f7 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
Summary: A free and portable font rendering engine
Name: freetype
Version: 2.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL: http://www.freetype.org
@@ -27,6 +27,7 @@ Patch47: freetype-2.3.11-more-demos.patch
Patch88: freetype-multilib.patch
Patch89: freetype-2.4.2-CVE-2010-3311.patch
+Patch90: freetype-2.4.2-CVE-2010-3855.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
@@ -94,6 +95,7 @@ popd
%patch88 -p1 -b .multilib
%patch89 -p1 -b .CVE-2010-3311
+%patch90 -p1 -b .CVE-2010-3855
%build
@@ -226,6 +228,11 @@ rm -rf $RPM_BUILD_ROOT
%doc docs/tutorial
%changelog
+* Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.4.2-4
+- Add freetype-2.4.2-CVE-2010-3855.patch
+ (Protect against invalid `runcnt' values.)
+- Resolves: #651764
+
* Wed Oct 6 2010 Marek Kasik <mkasik at redhat.com> 2.4.2-3
- Add freetype-2.4.2-CVE-2010-3311.patch
(Don't seek behind end of stream.)