[Bug 227568] print/freetype2: Apply upstream fix for CVE-2018-6942 (v2.9)

Tue Apr 17 01:42:21 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227568

            Bug ID: 227568
           Summary: print/freetype2: Apply upstream fix for CVE-2018-6942
                    (v2.9)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: gnome at FreeBSD.org
          Reporter: lightside at gmx.com
                CC: gnome at FreeBSD.org, ports-secteam at FreeBSD.org
             Flags: maintainer-feedback?(gnome at FreeBSD.org)
          Assignee: gnome at FreeBSD.org
 Attachment #192577 maintainer-approval?(gnome at FreeBSD.org)
             Flags:
                CC: gnome at FreeBSD.org

Created attachment 192577
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=192577&action=edit
Proposed patch (since 466285 revision)

Patch for print/freetype2 port with upstream fix for CVE-2018-6942:
"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference
in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a
crafted font file."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

Based on message about CVE-2018-6942 in docs/CHANGES file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=632a11f91f0d932ac498e9e6ca022c9903ab05e9

-- 
You are receiving this mail because:
You are the assignee for the bug.