diff options
author | Koop Mast <kwm@FreeBSD.org> | 2014-03-09 08:33:39 +0000 |
---|---|---|
committer | Koop Mast <kwm@FreeBSD.org> | 2014-03-09 08:33:39 +0000 |
commit | 18120c604cf576ca5d576c5a01513e3b0b7375ae (patch) | |
tree | 5004d31a096c2b5313016740a904e2fa2046aff9 | |
parent | a73973bf9d44d82e1e109cfd75001f9d5b97bab7 (diff) | |
download | ports-18120c604cf576ca5d576c5a01513e3b0b7375ae.tar.gz ports-18120c604cf576ca5d576c5a01513e3b0b7375ae.zip |
MFH: r347554
Document freetype2 vuln.
Approved by: portmgr (erwin@)
Notes
Notes:
svn path=/branches/2014Q1/; revision=347556
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e4c6da195fa5..743e3f612ac2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,35 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c"> + <topic>freetype2 -- Out of bounds read/write</topic> + <affects> + <package> + <name>freetype2</name> + <range><lt>2.5.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mateusz Jurczyk reports:</p> + <blockquote cite="http://savannah.nongnu.org/bugs/?41697"> + <p>Out of bounds stack-based read/write in cf2_hintmap_build.<br> + This is a critical vulnerability in the CFF Rasterizer code + recently contributed by Adobe, leading to potential arbitrary + code execution in the context of the FreeType2 library client. + </p> + </blockquote> + </body> + </description> + <references> + <url>http://savannah.nongnu.org/bugs/?41697</url> + </references> + <dates> + <discovery>2014-02-25</discovery> + <entry>2014-03-09</entry> + </dates> + </vuln> + <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2"> <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic> <affects> |