bug#44146: CVE-2020-15999 in FreeType

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44146: CVE-2020-15999 in FreeType

From:	Tobias Geerinckx-Rice
Subject:	bug#44146: CVE-2020-15999 in FreeType
Date:	Thu, 22 Oct 2020 21:30:30 +0200

Marius,

Marius Bakke 写道：

The 'freetype' package is vulnerable to CVE-2020-15999.


Oh dear.  'Thanks' for breaking the news.

I'm busy for a couple of days and won't be able to work on it intime.
Volunteers wanted!

It feels like it shouldn't work (what with the different .soversion & all) but I've been unable to break a ghostscript graftedto use 2.10.4.

I'm currently reconfiguring my system with it; if it works, I'llpush it.

Whatever happens, I won't have time to apply the core-updates halftonight.

Forwarding a message from oss-security, we may have to patchGhostscript
as well:

I don't know enough about FT/GS's internals to really understandwhat's going on, but being a C(ompile-time) macro, this *could* besafe to graft, right?


Kind regards,

T G-R

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#44146: CVE-2020-15999 in FreeType, Marius Bakke, 2020/10/22
- bug#44146: CVE-2020-15999 in FreeType, Tobias Geerinckx-Rice <=

Prev by Date: bug#44000: Guile-Git cross-compiled to i586-pc-gnu gets bytestructures wrong
Next by Date: bug#39606: Keyboard layout defined by 'set-xorg-configuration' is not honored by GDM.
Previous by thread: bug#44146: CVE-2020-15999 in FreeType
Next by thread: bug#39606: Keyboard layout defined by 'set-xorg-configuration' is not honored by GDM.
Index(es):
- Date
- Thread