svn commit: r347556 - branches/2014Q1/security/vuxml
Koop Mast
kwm at FreeBSD.org
Sun Mar 9 08:33:40 UTC 2014
Author: kwm
Date: Sun Mar 9 08:33:39 2014
New Revision: 347556
URL: http://svnweb.freebsd.org/changeset/ports/347556
QAT: https://qat.redports.org/buildarchive/r347556/
Log:
MFH: r347554
Document freetype2 vuln.
Approved by: portmgr (erwin@)
Modified:
branches/2014Q1/security/vuxml/vuln.xml
Directory Properties:
branches/2014Q1/ (props changed)
Modified: branches/2014Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q1/security/vuxml/vuln.xml Sun Mar 9 08:20:31 2014 (r347555)
+++ branches/2014Q1/security/vuxml/vuln.xml Sun Mar 9 08:33:39 2014 (r347556)
@@ -51,6 +51,35 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
+ <topic>freetype2 -- Out of bounds read/write</topic>
+ <affects>
+ <package>
+ <name>freetype2</name>
+ <range><lt>2.5.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mateusz Jurczyk reports:</p>
+ <blockquote cite="http://savannah.nongnu.org/bugs/?41697">
+ <p>Out of bounds stack-based read/write in cf2_hintmap_build.<br>
+ This is a critical vulnerability in the CFF Rasterizer code
+ recently contributed by Adobe, leading to potential arbitrary
+ code execution in the context of the FreeType2 library client.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://savannah.nongnu.org/bugs/?41697</url>
+ </references>
+ <dates>
+ <discovery>2014-02-25</discovery>
+ <entry>2014-03-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2">
<topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list