Date: Tue, 17 Apr 2018 01:42:18 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 227568] print/freetype2: Apply upstream fix for CVE-2018-6942 (v2.9) Message-ID: <bug-227568-6497@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227568 Bug ID: 227568 Summary: print/freetype2: Apply upstream fix for CVE-2018-6942 (v2.9) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: gnome@FreeBSD.org Reporter: lightside@gmx.com CC: gnome@FreeBSD.org, ports-secteam@FreeBSD.org Flags: maintainer-feedback?(gnome@FreeBSD.org) Assignee: gnome@FreeBSD.org Attachment #192577 maintainer-approval?(gnome@FreeBSD.org) Flags: CC: gnome@FreeBSD.org Created attachment 192577 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D192577&action= =3Dedit Proposed patch (since 466285 revision) Patch for print/freetype2 port with upstream fix for CVE-2018-6942: "An issue was discovered in FreeType 2 through 2.9. A NULL pointer derefere= nce in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file." https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-6942 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3D29c75= 9284e305ec428703c9a5831d0b1fc3497ef Based on message about CVE-2018-6942 in docs/CHANGES file: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3D632a11= f91f0d932ac498e9e6ca022c9903ab05e9 --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227568-6497>