|
From: | İsmail Dönmez |
Subject: | Re: [ft-devel] Fix for CVE-2010-3311 |
Date: | Fri, 24 Jun 2011 18:41:39 +0200 |
Hmm, in
> I am trying to audit our local patches to freetype2 in openSUSE to
> reduce the number of patches we apply. I noticed that fix for
> CVE-2010-3311 [0] is not applied to upstream freetype source.
> Attached is the fix for the issue with the demo CFF file.
>
> It would be nice to get this fixed so we can drop this patch.
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311
https://bugzilla.redhat.com/show_bug.cgi?id=623625
I read this:
Affected versions: freetype-2.3 and before that. Latest upstream
version (2.4) is not affected.
Actually, I remember this CVE... And indeed, comment #39 says:
The following upstream commit fixes this problem in freetype 2.4.x:
commit 75787c19eab20874c5d588842c52e59cfbd9302a
Author: Werner Lemberg <address@hidden>
Date: Sat Jun 26 09:24:08 2010 +0200
Add some memory checks (mainly for debugging).
* src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
if the frame size is larger than the stream size.
* src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
seeking a position larger than the stream size.
:-)
[Prev in Thread] | Current Thread | [Next in Thread] |