[Bug 227936] print/freetype2: Update to 2.9.1

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed May 2 20:11:34 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227936

lightside <lightside at gmx.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=2275
                   |                            |68
                 CC|                            |jbeich at FreeBSD.org,
                   |                            |lightside at gmx.com

--- Comment #1 from lightside <lightside at gmx.com> ---
The FreeType v2.9.1 is a maintenance release, which includes fixes for
CVE-2018-6942:
"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference
in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a
crafted font file."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

Also, according to docs/CHANGES:
-8<--
The `configure'  script no longer installs  `freetype-config' by
      default.  For  backwards compatibility,  a new  configure option
      `--enable-freetype-config'   is  provided   that  reverts   this
      decision.
-->8-

Possible to remove CONFIG option from OPTIONS_DEFAULT, if needed.

CC: jbeich@

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the freebsd-gnome mailing list