The announcement of freetype2 2.4.9 lists several security issues that were fixed, most of which have been assigned CVEs. Cauldron has 2.4.9, so it is not vulnerable. Mageia 1 does not have patches for these vulnerabilities.
http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
Debian has issued a security advisory for some of these CVEs on March 7:
http://www.debian.org/security/2012/dsa-2428
CC: (none) => fundawang
CC: (none) => dmorganec
Here's an Ubuntu advisory for these issues from March 22: http://www.ubuntu.com/usn/usn-1403-1/
Mandriva has issued an advisory for these issues today (April 12): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:057
Patched package uploaded.

Advisory:
========================

Updated freetype2 packages fix security vulnerabilities:

Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:057
========================

Updated packages in core/updates_testing:
========================
libfreetype6-2.4.4-5.5.mga1
libfreetype6-devel-2.4.4-5.5.mga1
libfreetype6-static-devel-2.4.4-5.5.mga1
freetype2-demos-2.4.4-5.5.mga1

from freetype2-2.4.4-5.5.mga1.src.rpm
Assignee: bugsquad => qa-bugs
Testing complete on i586 for the srpm freetype2-2.4.4-5.5.mga1.src.rpm.
As usual for freetype2, just testing that xpdf works.
CC: (none) => davidwhodgins
Tested OK x86_64. Validating.
See comment 3 for SRPM & Advisory.
Could sysadmin please push from core/updates_testing to core/updates? Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED