First Last Prev Next    This bug is not in your last search results.
Bug 39558 - freetype: Multiple issues (ES 3.2)
freetype: Multiple issues (ES 3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-ES
Assigned To: Arvid Requate
Janek Walkenhorst
:
Depends on: 42567
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-15 15:16 CEST by Arvid Requate
Modified: 2017-09-28 17:17 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-10-15 15:16:00 CEST 
Debian package version 2.4.2-2.1+squeeze6 fixes:

* remote denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream (CVE-2014-9745)
* use of uninitialized data (CVE-2014-9746)
* t42parse.c vulnerability (CVE-2014-9747)


Note: backported patches present : 2.4.2-2.1+squeeze4-errata3.2-5
see Bug 37756 Comment 1.

+++ This bug was initially created as a clone of Bug #38465 +++
Comment 1 Arvid Requate univentionstaff 2017-03-07 15:24:48 CET 
Imported and built in extsec3.2: 2.4.2-2.1.67.201703071427

Advisory checked in into my extsec3.2 git repo.
Comment 2 Arvid Requate univentionstaff 2017-04-18 14:24:39 CEST 
I've backported an additional patch from Bug 40548:

* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. (CVE-2016-10328)

Package imported and built, advisory draft updated (git).
Comment 3 Janek Walkenhorst univentionstaff 2017-05-23 18:58:49 CEST 
Tests (amd64): OK
Comment 4 Janek Walkenhorst univentionstaff 2017-05-31 14:20:12 CEST 
Advisory: OK
Comment 5 Arvid Requate univentionstaff 2017-09-18 13:16:43 CEST 
The advisory is here: https://git.knut.univention.de/arequate/extsec3.2
Comment 6 Philipp Hahn univentionstaff 2017-09-28 17:17:54 CEST 
<http://errata.software-univention.de/ucs/3.2/457.html>
First Last Prev Next    This bug is not in your last search results.