[slackware-security] freetype (SSA:2017-136-01) New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/freetype-2.6.3-i586-2_slack14.2.txz: Rebuilt. This update fixes an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287 (* Security fix *) +--------------------------+ Where to find the new packages: +-----
Already fixed: Name : freetype2 Relocations: (not relocatable) Version : 2.7.1 Vendor: Mageia.Org Release : 2.mga6.tainted Build Date: Sat 29 Apr 2017 11:21:23 PM CEST luigiwalser <luigiwalser> 2.7.1-2.mga6: + Revision: 1098077 - add upstream patches to fix CVE-2017-8105 and CVE-2017-8287 *** This bug has been marked as a duplicate of bug 20720 ***
Status: NEW => RESOLVEDCC: (none) => marja11Resolution: (none) => DUPLICATE