[Git][security-tracker-team/security-tracker][master] freetype: TEMP-0773084-4AB1FB is CVE-2014-9659 / Savannah #43661

Sylvain Beucler beuc at debian.org
Tue Sep 3 23:13:40 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec78f7d8 by Sylvain Beucler at 2019-09-03T22:13:09Z
freetype: TEMP-0773084-4AB1FB is CVE-2014-9659 / Savannah #43661

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201846,9 +201846,10 @@ CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
 CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ...)
-	- freetype 2.5.2-3 (bug #777656)
+	- freetype 2.5.2-3 (bug #777656; bug #773084)
 	[wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
 	[squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
+	NOTE: https://savannah.nongnu.org/bugs/?43661
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
 	NOTE: CVE due to incomplete fix for CVE-2014-2240
@@ -206584,11 +206585,6 @@ CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka
 	- glibc 2.19-14 (bug #775572)
 	- eglibc <removed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
-CVE-2014-XXXX [freetype: out of bounds write]
-	- freetype 2.6-1 (unimportant; bug #773084)
-	[wheezy] - freetype <not-affected> (introduced in freetype 2.5)
-	[squeeze] - freetype <not-affected> (introduced in freetype 2.5)
-	NOTE: The affected code isn't enabled in Debian, see #773084
 CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in  ...)
 	NOT-FOR-US: LoginToboggan Drupal Module
 CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec78f7d8e22790158066539d02ca81d8c82018e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190903/c0c33069/attachment.html>

More information about the debian-security-tracker-commits mailing list