Bug 20940 - freetype2 security vulnerability (CVE-2017-8287)
Status: RESOLVED DUPLICATE of bug 20720
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
URL: http://www.linuxsecurity.com/content/...
Reported: 2017-05-26 03:14 CEST by Zombie Ryushu
Modified: 2017-05-28 07:03 CEST
Source RPM: freetype

Description Zombie Ryushu 2017-05-26 03:14:41 CEST
[slackware-security]  freetype (SSA:2017-136-01)

New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/freetype-2.6.3-i586-2_slack14.2.txz:  Rebuilt.
  This update fixes an out-of-bounds write caused by a heap-based buffer
  overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----
Comment 1 Marja Van Waes 2017-05-28 07:03:24 CEST
Already fixed:

Name        : freetype2                    Relocations: (not relocatable)
Version     : 2.7.1                             Vendor: Mageia.Org
Release     : 2.mga6.tainted                Build Date: Sat 29 Apr 2017 11:21:23 PM CEST


luigiwalser <luigiwalser> 2.7.1-2.mga6:
+ Revision: 1098077
- add upstream patches to fix CVE-2017-8105 and CVE-2017-8287

*** This bug has been marked as a duplicate of bug 20720 ***

Status: NEW => RESOLVED
CC: (none) => marja11
Resolution: (none) => DUPLICATE

