From: Nick Barkas
Date: Thu, 24 May 2007 15:28:59 -0700
To: Joe Marcus Clarke
Cc: gnome@FreeBSD.org
Subject: Re: ports/112769: [patch] [security] print/freetype2 fix for heap overflow

On May 21, 2007, at 8:54 PM, Joe Marcus Clarke wrote:

> On Mon, 2007-05-21 at 19:28 -0700, Nick Barkas wrote:
>> Thanks! Any chance the vulnerability that this fixes can get added to
>> the VuXML doc so portaudit can tell folks to update?
>
> If you draw up an entry, I'll add it.

Here is a patch to ports/security/vuxml/vuln.xml. Thanks!

Nick

Content-Disposition: attachment; filename=vuln.patch

--- vuln.xml.orig 2007-05-24 13:44:55.000000000 -0700 +++ vuln.xml 2007-05-24 15:02:49.000000000 -0700 @@ -34,6 +34,36 @@ --> + + FreeType 2 -- Heap overflow vulnerability + + + freetype2 + 2.2.1_2 + + + + +
+

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and + earlier might allow remote attackers to execute arbitrary code via a + crafted TTF image with a negative n_points value, which leads to an + integer overflow and heap-based buffer overflow.

+
+ +
+ + CVE-2007-2754 + http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200 + ports/112769 + + + 2007-04-27 + 2007-05-24 + +
FreeBSD -- heap overflow in file(1)
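
Review bot: the affected-version bound 2.2.1_2 given for freetype2 does not line up with the description, which says "Freetype 2.3.4 and earlier", so someone reading the portaudit output cannot tell whether 2.2.1_2 is the patched port revision or the last vulnerable one. Suggest adding a sentence to the description saying that the port carries the fix from ports/112769 as of that revision, and confirming that the range excludes the fixed revision (the range operator is not visible in this copy of the patch). The http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754 reference also repeats what the CVE-2007-2754 reference line already provides and could be dropped.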