[Secure-testing-commits] r32149 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Feb 11 06:19:30 UTC 2015 

Author: carnil
Date: 2015-02-11 06:19:30 +0000 (Wed, 11 Feb 2015)
New Revision: 32149

Modified:
   data/CVE/list
Log:
Add more freetype CVEs, add references

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-11 06:14:46 UTC (rev 32148)
+++ data/CVE/list	2015-02-11 06:19:30 UTC (rev 32149)
@@ -190,29 +190,59 @@
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
 CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
 CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=168
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
 CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
 CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
 CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the return ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
 CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
 CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
 CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before ...)
-	TODO: check
+	- freetype <unfixed>
+	[wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
+	[squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
+	NOTE: CVE due to incomplete fix for CVE-2014-2240
 CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
 CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
 CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType ...)
-	TODO: check
+	- freetype <unfixed>
+	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
 CVE-2015-XXXX [cupsRasterReadPixels buffer overflow]
 	[experimental] - cups 2.0.2-1
 	NOTE: Marked with [experimental] tag as the fix is only in experimental so far

More information about the Secure-testing-commits mailing list