Savannah #43661

Sylvain Beucler Tue, 03 Sep 2019 15:14:14 -0700


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ec78f7d8 by Sylvain Beucler at 2019-09-03T22:13:09Z
freetype: TEMP-0773084-4AB1FB is CVE-2014-9659 / Savannah #43661

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201846,9 +201846,10 @@ CVE-2014-9660 (The _bdf_parse_glyphs function in 
bdf/bdflib.c in FreeType before
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=188
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
 CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType 
before 2. ...)
-       - freetype 2.5.2-3 (bug #777656)
+       - freetype 2.5.2-3 (bug #777656; bug #773084)
        [wheezy] - freetype <not-affected> (vulnerable code not present and 
thus incomplete fix not applied as well)
        [squeeze] - freetype <not-affected> (vulnerable code not present and 
thus incomplete fix not applied as well)
+       NOTE: https://savannah.nongnu.org/bugs/?43661
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=190
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
        NOTE: CVE due to incomplete fix for CVE-2014-2240
@@ -206584,11 +206585,6 @@ CVE-2014-9402 (The nss_dns implementation of 
getnetbyname in GNU C Library (aka
        - glibc 2.19-14 (bug #775572)
        - eglibc <removed>
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
-CVE-2014-XXXX [freetype: out of bounds write]
-       - freetype 2.6-1 (unimportant; bug #773084)
-       [wheezy] - freetype <not-affected> (introduced in freetype 2.5)
-       [squeeze] - freetype <not-affected> (introduced in freetype 2.5)
-       NOTE: The affected code isn't enabled in Debian, see #773084
 CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login 
form in  ...)
        NOT-FOR-US: LoginToboggan Drupal Module
 CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing 
form in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] freetype: TEMP-0773084-4AB1FB is CVE-2014-9659 / Savannah #43661

Reply via email to