| Summary: | Updated freetype2 package to fix CVE-2011-3439 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Funda Wang <fundawang> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, derekjenn, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://sourceforge.net/projects/freetype/files/freetype2/2.4.8/README/view | | |
| Whiteboard: | | | |
| Source RPM: | freetype2-2.4.4-5.4.mga1 | CVE: | |
| Status comment: | | | |
Description
Funda Wang
2011-11-15 14:37:17 CET
@qateam, please see that freetype2 exists in both core and tainted.

Testing on i586 complete for the srpm packages
freetype2-2.4.4-5.4.mga1.src.rpm
freetype2-2.4.4-5.4.mga1.tainted.src.rpm

No PoC for the vulnerability, so just testing that the packages work.

For testing, I disabled the Tainted updates testing repository, and ran

    rpm -e --nodeps freetype2-demos libfreetype6 libfreetype6-devel
    urpmi freetype2-demos libfreetype6 libfreetype6-devel

which installed the Core Updates Testing packages. I then confirmed xpdf could view pdf files.

Enabled the Tainted Updates Testing repository and used urpmi --auto-select to install the tainted versions of the packages, and repeated the testing with xpdf.

CC: (none) => davidwhodgins

Validated OK on x86_64.

Could someone from sysadmin please push freetype2-2.4.4-5.4.mga1.src.rpm from Core_Updates_Testing to Core_Updates, and push freetype2-2.4.4-5.4.mga1.tainted.src.rpm from Tainted_Updates_testing into Tainted_Updates.

Advisory
--------
This update addresses CVE-2011-3439 which identifies some vulnerabilities in handling CID-keyed PostScript

Keywords: (none) => validated_update

Update pushed.

Status: NEW => RESOLVED