Some vulnerabilities in handling CID-keyed PostScript fonts have been found in freetype2 (CVE-2011-3439). The updated packages have been patched to fix this issue.
@qateam, please see that freetype2 exists in both core and tainted.
Testing on i586 complete for the srpm packages
freetype2-2.4.4-5.4.mga1.src.rpm
freetype2-2.4.4-5.4.mga1.tainted.src.rpm

No PoC for the vulnerability, so just testing that the packages work.

For testing, I disabled the Tainted updates testing repository, and ran
rpm -e --nodeps freetype2-demos libfreetype6 libfreetype6-devel
urpmi freetype2-demos libfreetype6 libfreetype6-devel
which installed the Core Updates Testing packages. I then confirmed xpdf could view pdf files.

Enabled the Tainted Updates Testing repository and used urpmi --auto-select to install the tainted versions of the packages, and repeated the testing with xpdf.
CC: (none) => davidwhodgins
Validated OK on x86_64

Could someone from sysadmin please push freetype2-2.4.4-5.4.mga1.src.rpm from Core_Updates_Testing to Core_Updates, and push freetype2-2.4.4-5.4.mga1.tainted.src.rpm from Tainted_Updates_testing into Tainted_Updates.

Advisory
--------
This update addresses CVE-2011-3439 which identifies some vulnerabilities in handling CID-keyed PostScript
Keywords: (none) => validated_update
CC: (none) => derekjenn, sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED