[Bug 1079603] New: VUL-1: freetype: Avoid NULL reference in src/truetype/ttinterp.c
http://bugzilla.suse.com/show_bug.cgi?id=1079603

            Bug ID: 1079603
           Summary: VUL-1: freetype: Avoid NULL reference in src/truetype/ttinterp.c
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: fstrba@suse.com
          Reporter: kbabioch@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

There is an upstream commit to avoid NULL references in src/truetype/ttinterp.c

References:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/truetype...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c1

--- Comment #1 from Karol Babioch <kbabioch@suse.com> ---
This only affects the codestream in openSUSE:Factory, which is based on version 2.7.1. All other codestreams do not contain the affected code.

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c2

--- Comment #2 from Karol Babioch <kbabioch@suse.com> ---
It should be fixed by bumping the version to the latest upstream release in the openSUSE:Factory codestream.

http://bugzilla.suse.com/show_bug.cgi?id=1079603

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P4 - Low

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c3

--- Comment #3 from Swamp Workflow Management <swamp@suse.de> ---
This is an autogenerated message for OBS integration:
This bug (1079603) was mentioned in
https://build.opensuse.org/request/show/573619 Factory / freetype2

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c4

--- Comment #4 from Karol Babioch <kbabioch@suse.com> ---
This has been assigned CVE-2018-6942

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c5

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2018-6942

--- Comment #5 from Karol Babioch <kbabioch@suse.com> ---
This has been assigned CVE-2018-6942

http://bugzilla.suse.com/show_bug.cgi?id=1079603

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kbabioch@suse.com

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c7

Tomáš Chvátal <tchvatal@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #7 from Tomáš Chvátal <tchvatal@suse.com> ---
This is automated batch bugzilla cleanup.

The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket.

Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release.

[1] https://en.opensuse.org/Lifetime

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c8

--- Comment #8 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-SU-2020:1353-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1079603,1091109
CVE References: CVE-2018-6942
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): freetype2-2.10.1-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

http://bugzilla.suse.com/show_bug.cgi?id=1079603
http://bugzilla.suse.com/show_bug.cgi?id=1079603#c9

--- Comment #9 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2020:0704-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1079603,1091109
CVE References: CVE-2018-6942
Sources used:
openSUSE Leap 15.1 (src): freetype2-2.10.1-lp151.4.3.1, ft2demos-2.10.1-lp151.4.3.1