freetype-devel

Re: [ft-devel] Fix for CVE-2010-3311


From: Werner LEMBERG
Subject: Re: [ft-devel] Fix for CVE-2010-3311
Date: Fri, 24 Jun 2011 18:11:42 +0200 (CEST)

> I am trying to audit our local patches to freetype2 in openSUSE to
> reduce the number of patches we apply. I noticed that the fix for
> CVE-2010-3311 [0] is not applied to the upstream freetype source.
> Attached is the fix for the issue with the demo CFF file.
>
> It would be nice to get this fixed so we can drop this patch.
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311

Hmm, in

  https://bugzilla.redhat.com/show_bug.cgi?id=623625

I read this:

  Affected versions: freetype-2.3 and before that.  Latest upstream
  version (2.4) is not affected.

Actually, I remember this CVE...  And indeed, comment #39 says:

  The following upstream commit fixes this problem in freetype 2.4.x:

  commit 75787c19eab20874c5d588842c52e59cfbd9302a
  Author: Werner Lemberg <address@hidden>
  Date:   Sat Jun 26 09:24:08 2010 +0200

    Add some memory checks (mainly for debugging).

    * src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
    if the frame size is larger than the stream size.

    * src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
    seeking a position larger than the stream size.

:-)


      Werner
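
The two checks named in the quoted commit message, sketched as an added example that is not FreeType's code and not part of this thread. The stream type, the function names (mem_stream, stream_seek, stream_enter_frame, demo_case) and the error codes are hypothetical, and the frame check here is stricter than the commit text: it compares against the bytes remaining rather than the whole stream size.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical in-memory stream; these names are assumptions, not FreeType's API. */
typedef struct {
    const unsigned char *base;    /* start of the font data */
    size_t               size;    /* total bytes in the stream */
    size_t               pos;     /* current offset, invariant: pos <= size */
    const unsigned char *cursor;  /* read pointer inside the active frame */
    const unsigned char *limit;   /* one past the last byte of the frame */
} mem_stream;

enum { STREAM_OK = 0, STREAM_ERR_SEEK = 1, STREAM_ERR_FRAME = 2 };

/* Refuse to move the offset past the end of the stream. */
int stream_seek(mem_stream *s, size_t pos)
{
    if (pos > s->size)
        return STREAM_ERR_SEEK;
    s->pos = pos;
    return STREAM_OK;
}

/* Open a frame of `count` bytes at the current offset.  Comparing against
   size - pos (never pos + count) keeps the check free of wraparound. */
int stream_enter_frame(mem_stream *s, size_t count)
{
    if (count > s->size - s->pos)
        return STREAM_ERR_FRAME;
    s->cursor = s->base + s->pos;
    s->limit  = s->cursor + count;
    s->pos   += count;
    return STREAM_OK;
}

/* Constructed 8-byte buffer: seek, then open a frame; returns the status. */
int demo_case(size_t seek_to, size_t frame_len)
{
    static const unsigned char data[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
    mem_stream s = { data, sizeof data, 0, NULL, NULL };
    int rc = stream_seek(&s, seek_to);
    return rc != STREAM_OK ? rc : stream_enter_frame(&s, frame_len);
}

int main(void)
{
    printf("%d %d %d\n", demo_case(0, 8), demo_case(4, 8), demo_case(9, 0));
    return 0;
}
```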


