Bug 638522
Summary: | CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 CVE-2010-3311 freetype various flaws [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | freetype | Assignee: | Marek Kašík <mkasik> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 13 | CC: | apodtele, behdad, fonts-bugs, kevin, mkasik |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | freetype-2.3.11-6.fc12 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-13 12:47:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 621907, 621980, 623625, 625626 |
Description
Huzaifa S. Sidhpurwala
2010-09-29 09:05:43 UTC
Adding parent bug CVE-2010-2806 New bodhi update url: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,621980 Adding parent bug CVE-2010-2805 New bodhi update url: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,621980,625626 Adding parent bug CVE-2010-3311 New bodhi update url: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621907,621980,625626,623625 freetype-2.3.11-6.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc12 freetype-2.3.11-6.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13 I personally run 2.4.3 already, which is perfectly compatible freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update freetype'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/freetype-2.3.11-6.fc13 What's the status of this on Fedora 14 and Rawhide? They're currently at 2.4.2, upstream released 2.4.3 (see bug 639906), is that needed to fix some or all of these issues? If so, can you please upgrade F14 and Rawhide to 2.4.3? All those CVEs should be fixed in freetype-2.4.2, but I'm not sure about CVE-2010-3311. I'll test it tomorrow. Marek freetype-2.4.2-3.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/freetype-2.4.2-3.fc14 Hi, I tested the freetype 2.4.2 for CVE-2010-3311 and it was not fixed. I've committed and built a fix. The version of the fix is freetype-2.4.2-3.fc14 and freetype-2.4.2-3.fc15. Marek freetype-2.4.2-3.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. freetype-2.3.11-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. freetype-2.3.11-6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |