Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: ec78f7d8 by Sylvain Beucler at 2019-09-03T22:13:09Z freetype: TEMP-0773084-4AB1FB is CVE-2014-9659 / Savannah #43661 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -201846,9 +201846,10 @@ CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ...) - - freetype 2.5.2-3 (bug #777656) + - freetype 2.5.2-3 (bug #777656; bug #773084) [wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well) [squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well) + NOTE: https://savannah.nongnu.org/bugs/?43661 NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8 NOTE: CVE due to incomplete fix for CVE-2014-2240 @@ -206584,11 +206585,6 @@ CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka - glibc 2.19-14 (bug #775572) - eglibc <removed> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630 -CVE-2014-XXXX [freetype: out of bounds write] - - freetype 2.6-1 (unimportant; bug #773084) - [wheezy] - freetype <not-affected> (introduced in freetype 2.5) - [squeeze] - freetype <not-affected> (introduced in freetype 2.5) - NOTE: The affected code isn't enabled in Debian, see #773084 CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...) NOT-FOR-US: LoginToboggan Drupal Module CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits