Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CANJC7MHKvu=JmvERrbh7tb7gv-sQpKFDrNzgj1hWnAr0MMziKQ@mail.gmail.com>
Date: Wed, 10 Dec 2014 14:56:29 +0100
From: Mateusz Jurczyk <j00ru.vx@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Possible CVE request: freetype: out-of-bounds
 stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240)

Hey, original finder of both vulnerabilities here. I've sent a CVE request
to MITRE today for this and multiple other vulnerabilities fixed in 2.5.4,
I'll update this thread once they are assigned.

Cheers,
Mateusz

2014-12-10 14:45 GMT+01:00 Vasyl Kaigorodov <vkaigoro@...hat.com>:

> Hello,
>
> Freetype version 2.5.4 fixes another out-of-bounds stack-based
> read/write which is similar to CVE-2014-2240.
> Does it deserve a separate CVE? If so - please assign one.
>
> Upstream bug: http://savannah.nongnu.org/bugs/?43661
>
> References:
> http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
> https://bugs.mageia.org/show_bug.cgi?id=14771
> https://bugzilla.redhat.com/show_bug.cgi?id=1172633
>
> Thanks.
> --
> Vasyl Kaigorodov | Red Hat Product Security
> PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.