[URGENT] Confirmation of Fixes for CVE's in 2.12.1
From: Arenas, Aaron
Subject: [URGENT] Confirmation of Fixes for CVE's in 2.12.1
Date: Wed, 29 Jun 2022 21:07:39 +0000
Hello Werner & freetype Team,
Can you confirm which, or if all, of the following fixes/patches/commits that
resolve the issues and CVEs below are incorporated into the latest available
version, 2.12.1?
Fix/Patch (i.e. commit) | Issue | CVE
53dfdcd8 <https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db> | #1138 <https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138> | CVE-2022-27404 <https://nvd.nist.gov/vuln/detail/CVE-2022-27404>
22a0cccb <https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5> | #1139 <https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139> | CVE-2022-27405 <https://nvd.nist.gov/vuln/detail/CVE-2022-27405>
0c2bdb01 <https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2> | #1140 <https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140> | CVE-2022-27406 <https://nvd.nist.gov/vuln/detail/CVE-2022-27406>
I see that version 2.12.1 was released 1 month ago
here <https://gitlab.freedesktop.org/freetype/freetype/-/commit/e8ebfe988b5f57bfb9a3ecb13c70d9791bce9ecf>
and that these fixes were committed 3 months ago. I would have expected the
fixes to be incorporated. But it's unclear based on the results of the code scan
and the changelog.
Additional Background
I am building an application using Electron. The latest pre-built Electron binary
(19.0.6) contains freetype. Upon packaging my app and performing a code scan,
this component and version were flagged with CVEs. I need to resolve these to
mitigate any security risk associated with freetype.
If we could resolve this promptly, it would be greatly appreciated. Time is of the
essence on my end.
Thank you,
Aaron