[ft] FreeType 2.4.9 has been released
From: list_freetype
Subject: [ft] FreeType 2.4.9 has been released
Date: Sat, 07 Apr 2012 17:23:52 -0700
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.3) Gecko/20120306 Thunderbird/10.0.3

> - Another round of fixes to better handle invalid fonts. Many of
> them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
> and SA48320) so all users should upgrade.

When I go look up those CVEs, MITRE[1] tells me they're under review and
NVD[2] says the CVE wasn't found. Searching NVD for "freetype" yields
CVE-2011-3439 as the latest. The git log only references "Savannah bug"
numbers so I didn't have much luck there either.

Is there a CVE<->bug number map? Or a compiled bug-fix list like what
Samba provides in their release notes[3]? I'm happy to go build up my
own change list, but there is a relatively huge amount of changes
between 2.4.7 (what I have in production) and 2.4.9. I need to assess
the need to upgrade my production images (i.e., are we affected by the
vulnerabilities, can they be mitigated without recompiling, etc.).

1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
2: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1126
3: http://www.samba.org/samba/history/samba-3.6.2.html