Date: Thu, 24 May 2007 15:28:59 -0700 From: Nick Barkas <snb@threerings.net> To: Joe Marcus Clarke <marcus@FreeBSD.org> Cc: gnome@FreeBSD.org Subject: Re: ports/112769: [patch] [security] print/freetype2 fix for heap overflow Message-ID: <9BDC924F-9E02-4C16-A0C1-8E7C9279BDF2@threerings.net> In-Reply-To: <1179806072.61392.70.camel@shumai.marcuscom.com> References: <200705212224.l4LMOWij014751@freefall.freebsd.org> <BF065D3F-909A-4B37-A04C-FC36685FA743@threerings.net> <1179806072.61392.70.camel@shumai.marcuscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-2--124923150 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On May 21, 2007, at 8:54 PM, Joe Marcus Clarke wrote: > On Mon, 2007-05-21 at 19:28 -0700, Nick Barkas wrote: >> Thanks! Any chance the vulnerability that this fixes can get added to >> the VuXML doc so portaudit can tell folks to update? > > If you draw up an entry, I'll add it. Here is a patch to ports/security/vuxml/vuln.xml. Thanks! Nick --Apple-Mail-2--124923150 Content-Transfer-Encoding: 7bit Content-Type: application/octet-stream; x-unix-mode=0644; name=vuln.patch Content-Disposition: attachment; filename=vuln.patch --- vuln.xml.orig 2007-05-24 13:44:55.000000000 -0700 +++ vuln.xml 2007-05-24 15:02:49.000000000 -0700 @@ -34,6 +34,36 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="de2fab2d-0a37-11dc-aae2-00304881ac9a"> + <topic>FreeType 2 -- Heap overflow vulnerability</topic> + <affects> + <package> + <name>freetype2</name> + <range><lt>2.2.1_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754"> + <p>Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and + earlier might allow remote attackers to execute arbitrary code via a + crafted TTF image with a negative n_points value, which leads to an + integer overflow and heap-based buffer overflow.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-2754</cvename> + <mlist>http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html</mlist> + <url>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754</url> + <url>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200</url> + <freebsdpr>ports/112769</freebsdpr> + </references> + <dates> + <discovery>2007-04-27</discovery> + <entry>2007-05-24</entry> + </dates> + </vuln> <vuln vid="8e01ab5b-0949-11dc-8163-000e0c2e438a"> <topic>FreeBSD -- heap overflow in file(1)</topic> <affects> --Apple-Mail-2--124923150 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed --Apple-Mail-2--124923150--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9BDC924F-9E02-4C16-A0C1-8E7C9279BDF2>