maintainer-approval requested: [Bug 227568] print/freetype2: Apply upstream fix for CVE-2018-6942 (v2.9) : [Attachment 192577] Proposed patch (since 466285 revision)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Apr 17 01:42:20 UTC 2018
lightside <lightside at gmx.com> has asked freebsd-gnome mailing list
<gnome at FreeBSD.org> for maintainer-approval:
Bug 227568: print/freetype2: Apply upstream fix for CVE-2018-6942 (v2.9)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227568
Attachment 192577: Proposed patch (since 466285 revision)
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=192577&action=edit
--- Description ---
Patch for print/freetype2 port with upstream fix for CVE-2018-6942:
"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference
in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a
crafted font file."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e3
05ec428703c9a5831d0b1fc3497ef
Based on message about CVE-2018-6942 in docs/CHANGES file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=632a11f91f0d
932ac498e9e6ca022c9903ab05e9
More information about the freebsd-gnome
mailing list