Source: freetype
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for freetype.

CVE-2009-0946[0]:
| Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
| attackers to execute arbitrary code via vectors related to large
| values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
| and (3) cff/cffload.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The upstream patches for this are:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

I can provide test-cases for these bugs in private if you need them.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
    http://security-tracker.debian.net/tracker/CVE-2009-0946

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.