http://bugzilla.suse.com/show_bug.cgi?id=1079601 Bug ID: 1079601 Summary: VUL-1: freetype2: Protection against invalid VF data Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: fstrba@suse.com Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- There is an upstream commit handling invalid VF data more safely. This should be applied to our product, since there is no new release of freetype2. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/truetype... -- You are receiving this mail because: You are on the CC list for the bug.