[Bug 1079600] New: VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 1079601] New: VUL-1:...

[Bug 1079600] New: VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

older
[Bug 1137792] Translation not...

bugzilla_noreply＠novell.com

6 Feb 2018 6 Feb '18

14:30

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Bug ID: 1079600 Summary: VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- freetype2 contains integer overflow issues in src/truetype/ttinterp.c (Ins_MSIRP, Ins_MIAP, Ins_MIRP), which were already fixed upstream. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6027 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/truetype... -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.7 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

6 Feb 6 Feb

14:34

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Karol Babioch changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |fstrba@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

16:32

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 http://bugzilla.suse.com/show_bug.cgi?id=1079600#c1 --- Comment #1 from Karol Babioch --- This is only an issue for the latest release of freetype2 version 2.9, which we do not distribute currently. Once freetype2 has been bumped to 2.9, this needs to be applied on top of it. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

23:12

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

23:34

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

7 Feb 7 Feb

15:46

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |ibs:running:6639:important -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

9 Feb 9 Feb

20:13

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 http://bugzilla.suse.com/show_bug.cgi?id=1079600#c4 --- Comment #4 from Swamp Workflow Management --- SUSE-SU-2018:0414-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): freetype2-2.6.3-7.15.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Server 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP3 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE Linux Enterprise Desktop 12-SP2 (src): freetype2-2.6.3-7.15.1, ft2demos-2.6.3-7.15.1 SUSE CaaS Platform ALL (src): freetype2-2.6.3-7.15.1 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

23:38

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:6639:important | -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

23:40

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:7781:important -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

12 Feb 12 Feb

07:40

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:7781:important | -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

11:09

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 http://bugzilla.suse.com/show_bug.cgi?id=1079600#c5 --- Comment #5 from Swamp Workflow Management --- openSUSE-SU-2018:0420-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1028103,1035807,1036457,1079600 CVE References: CVE-2016-10244,CVE-2017-7864,CVE-2017-8105,CVE-2017-8287 Sources used: openSUSE Leap 42.3 (src): freetype2-2.6.3-5.3.1, ft2demos-2.6.3-5.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

11 Jul 11 Jul

11:26

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 http://bugzilla.suse.com/show_bug.cgi?id=1079600#c11 Tomáš Chvátal changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #11 from Tomáš Chvátal --- This is automated batch bugzilla cleanup. The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:45

New subject: [Bug 1079600] VUL-1: freetype2: Integer overflow issues in src/truetype/ttinterp.c

http://bugzilla.suse.com/show_bug.cgi?id=1079600 http://bugzilla.suse.com/show_bug.cgi?id=1079600#c12 --- Comment #12 from Marcus Meissner --- 15.0 ga was fixed -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

1765

Age (days ago)

2285

Last active (days ago)

Download

12 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com