Author: kkofler
Update of /cvs/free/rpms/freetype-freeworld/F-12
In directory se02.es.rpmfusion.net:/tmp/cvs-serv27073/F-12
Modified Files:
freetype-freeworld.spec
Added Files:
freetype-2.3.11-CVE-2010-3855.patch
Log Message:
* Mon Nov 15 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-3
- Add freetype-2.3.11-CVE-2010-3855.patch
(Protect against invalid `runcnt' values.)
- Resolves: rh#651764
freetype-2.3.11-CVE-2010-3855.patch:
ttgxvar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE freetype-2.3.11-CVE-2010-3855.patch ---
--- freetype-2.3.11/src/truetype/ttgxvar.c 2009-07-31 18:45:19.000000000 +0200
+++ freetype-2.3.11/src/truetype/ttgxvar.c 2010-11-15 10:26:22.517444003 +0100
@@ -157,7 +157,7 @@
runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK;
first = points[i++] = FT_GET_USHORT();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit;
/* first point not included in runcount */
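Review bot: the new bound `i + runcnt >= n` in the word-sized branch looks one stricter than necessary. `i` has already been advanced by `points[i++] = FT_GET_USHORT()`, and per the comment the first point is not included in the run count, so if the loop that follows stores one point per iteration it writes indices `i` through `i + runcnt - 1`. A run that ends exactly on the last slot (`i + runcnt == n`) is then rejected. If `n` is the element count of `points`, `i + runcnt > n` would be the tight check; if the stricter form is deliberate, a one-line comment saying so would help. The hunk also does not show what `Exit` does, so please confirm that the early `goto Exit` does not return the partially filled `points` to the caller as if it were complete.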
@@ -168,7 +168,7 @@
{
first = points[i++] = FT_GET_BYTE();
- if ( runcnt < 1 )
+ if ( runcnt < 1 || i + runcnt >= n )
goto Exit;
for ( j = 0; j < runcnt; ++j )
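Review bot: in the byte-sized branch the check runs only after `first = points[i++] = FT_GET_BYTE();` has already stored into `points`, so the first store of each run is not covered by the new condition. It relies on the enclosing loop guaranteeing `i < n` on entry, which this hunk does not show; please confirm that guard exists, or test the bound before the store. The condition `runcnt < 1 || i + runcnt >= n` is now duplicated verbatim in both branches, so a shared macro or a comment tying the two together would keep them from drifting apart in a later edit.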
Index: freetype-freeworld.spec
===================================================================
RCS file: /cvs/free/rpms/freetype-freeworld/F-12/freetype-freeworld.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- freetype-freeworld.spec 5 Oct 2010 14:46:15 -0000 1.10
+++ freetype-freeworld.spec 15 Nov 2010 12:46:42 -0000 1.11
@@ -8,7 +8,7 @@
Summary: A free and portable font rendering engine
Name: freetype-freeworld
Version: 2.3.11
-Release: 2%{?dist}
+Release: 3%{?dist}
License: FTL or GPLv2+
Group: System Environment/Libraries
URL:
http://www.freetype.org
@@ -32,6 +32,7 @@
Patch98: freetype-2.3.11-CVE-2010-2806.patch
Patch99: freetype-2.3.11-CVE-2010-2808.patch
Patch100: freetype-2.3.11-CVE-2010-3311.patch
+Patch101: freetype-2.3.11-CVE-2010-3855.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
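Review bot: `Patch101` is added without any note on where the fix comes from, and the new patch file itself starts directly at the `---`/`+++` header with no description. A comment line above `Patch101:` (or a header in the patch file) naming the origin of the change and pointing at rh#651764 would make it easier to tell later whether the patch can be dropped on a rebase.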
@@ -82,6 +83,7 @@
%patch98 -p1 -b .CVE-2010-2806
%patch99 -p1 -b .CVE-2010-2808
%patch100 -p1 -b .CVE-2010-3311
+%patch101 -p1 -b .CVE-2010-3855
%build
@@ -131,6 +133,11 @@
%config(noreplace) %{_sysconfdir}/fonts/conf.d/*.conf
%changelog
+* Mon Nov 15 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-3
+- Add freetype-2.3.11-CVE-2010-3855.patch
+ (Protect against invalid `runcnt' values.)
+- Resolves: rh#651764
+
* Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-2
- Update the description to reflect that the bytecode interpreter is no longer
patented (but still disabled in the stock Fedora freetype).