Bug 37757 - freetype: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 4.0-1-errata
Assigned To: Janek Walkenhorst
QA Contact: Arvid Requate
Depends on:
Blocks: 38465
Reported: 2015-02-11 07:34 CET by Moritz Muehlenhoff
Modified: 2015-05-07 17:42 CEST
Description Moritz Muehlenhoff univentionstaff 2015-02-11 07:34:09 CET
+++ This bug was initially created as a clone of Bug #37756 +++

Multiple bugs in processing font files allow denial of service or the execution of arbitrary code:
CVE-2014-9675 CVE-2014-9674 CVE-2014-9673 CVE-2014-9672 CVE-2014-9671 CVE-2014-9670 CVE-2014-9669 CVE-2014-9668 CVE-2014-9667 CVE-2014-9666
CVE-2014-9665 CVE-2014-9664 CVE-2014-9663 CVE-2014-9662 CVE-2014-9661
CVE-2014-9660 CVE-2014-9659 CVE-2014-9658 CVE-2014-9657 CVE-2014-9656
Comment 1 Janek Walkenhorst univentionstaff 2015-05-05 18:42:29 CEST
CVE-2014-9668, CVE-2014-9665, CVE-2014-9662, CVE-2014-9659 do not affect squeeze/wheezy.
Advisory: 2015-05-05-freetype.yaml
Tests (i386): OK
Comment 2 Janek Walkenhorst univentionstaff 2015-05-06 16:34:09 CEST
CVE-2014-9674 still remains to be fixed, see Bug #38465
Comment 3 Arvid Requate univentionstaff 2015-05-06 19:41:51 CEST
Verified:
* Package built and installable (amd64)
* Advisory Ok (fixed)
Comment 4 Janek Walkenhorst univentionstaff 2015-05-07 17:42:40 CEST
<http://errata.univention.de/ucs/4.0/193.html>