Univention Bugzilla – Full Text Bug Listing
Summary: | freetype: Multiple issues (ES 3.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann |
Version: | UCS 3.3 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 3.3-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | ||
Bug Depends on: | |||
Bug Blocks: | 39558 |
Description
Arvid Requate
2016-10-05 10:22:23 CEST
Imported and built in errata3.3-1. I had to develop a couple of small patches to fix -Werror=unused-but-set-variable errors. I compared the source code to the 2.4.9-1.1 package and fixed those errors in the same way in 2.4.2-2.1+squeeze6.

Advisory: freetype.yaml

I've backported an additional patch from Bug 40548:
* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. (CVE-2016-10328)

Package imported and built, advisory updated.

(In reply to Arvid Requate from comment #1)
> Imported and built in errata3.3-1.

The version number is too old:

     *** 2.4.2-2.1.63.201503191628 0
            500 http://…/3.2/maintained/ 3.2-6/amd64/ Packages
            100 /var/lib/dpkg/status
         2.4.2-2.1.57.201203091245 0
            500 http://…/3.0/maintained/ 3.0-2/amd64/ Packages
         2.4.2-2.1.54.201112121554 0
            500 http://…/3.0/maintained/ 3.0-1/amd64/ Packages
         2.4.2-2.1.52.201110271253 0
            500 http://…/3.0/maintained/ 3.0-0/amd64/ Packages
         2.4.2-2.1~ucs3.3.75.201704181410 0
            500 http://…/ ucs_3.3-0-errata3.3-1/amd64/ Packages

> Advisory: freetype.yaml

The advisory seems to be missing?

(In reply to Janek Walkenhorst from comment #3)
> > Advisory: freetype.yaml
> The advisory seems to be missing?

I was wrong.

Fixed: 2.4.2-2.1.79.201706261646

Advisory: OK
Tests: OK