[Secure-testing-commits] r32147 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Feb 11 06:06:31 UTC 2015 

Author: carnil
Date: 2015-02-11 06:06:31 +0000 (Wed, 11 Feb 2015)
New Revision: 32147

Modified:
   data/CVE/list
Log:
More CVEs for freetype from external check, add to tracker references

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-11 06:05:52 UTC (rev 32146)
+++ data/CVE/list	2015-02-11 06:06:31 UTC (rev 32147)
@@ -168,19 +168,27 @@
 CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in ...)
 	- freetype <unfixed>
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154
-	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
 CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in ...)
 	- freetype <unfixed>
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
 CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
 CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
 CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
 CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
 	TODO: check
 CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)

More information about the Secure-testing-commits mailing list