freeworld packages: unacceptable delay of security updates

Reindl Harald h.reindl at thelounge.net
Sat Feb 21 16:34:37 CET 2015


Feb 21 14:07:10 Updated: freetype-freeworld-2.5.0.1-6.fc20.x86_64

running fine here, thanks

On 20.02.2015 at 18:35, Reindl Harald wrote:
> what about maintainers of "freeworld" packages (in that case
> freetype-freeworld) watching Fedora build of the package they override?
> it's a joke that there is no update in "updates-testing" repos
>
> users having the "freeworld" package installed don't benefit in *any*
> way from the Fedora security update because it never gets loaded
> ________________________________________________
>
> Feb 17 17:23:15 Updated: freetype-2.5.0-9.fc20.x86_64
>
> * Di Feb 17 2015 Marek Kasik <mkasik at redhat.com> - 2.5.0-9
> - Fixes CVE-2014-9656
>     - Check `p' before `num_glyphs'.
> - Fixes CVE-2014-9657
>     - Check minimum size of `record_size'.
> - Fixes CVE-2014-9658
>     - Use correct value for minimum table length test.
> - Fixes CVE-2014-9675
>     - New macro that checks one character more than `strncmp'.
> - Fixes CVE-2014-9660
>     - Check `_BDF_GLYPH_BITS'.
> - Fixes CVE-2014-9661
>     - Initialize `face->ttf_size'.
>     - Always set `face->ttf_size' directly.
>     - Exclusively use the `truetype' font driver for loading
>       the font contained in the `sfnts' array.
> - Fixes CVE-2014-9662
>     - Handle return values of point allocation routines.
> - Fixes CVE-2014-9663
>     - Fix order of validity tests.
> - Fixes CVE-2014-9664
>     - Add another boundary testing.
>     - Fix boundary testing.
> - Fixes CVE-2014-9666
>     - Protect against addition and multiplication overflow.
> - Fixes CVE-2014-9667
>     - Protect against addition overflow.
> - Fixes CVE-2014-9669
>     - Protect against overflow in additions and multiplications.
> - Fixes CVE-2014-9670
>     - Add sanity checks for row and column values.
> - Fixes CVE-2014-9671
>     - Check `size' and `offset' values.
> - Fixes CVE-2014-9672
>     - Prevent a buffer overrun caused by a font including too many (> 63)
>       strings to store names[] table.
> - Fixes CVE-2014-9673
>     - Fix integer overflow by a broken POST table in resource-fork.
> - Fixes CVE-2014-9674
>     - Fix integer overflow by a broken POST table in resource-fork.
>     - Additional overflow check in the summation of POST fragment lengths.
> - Resolves: #1191099, #1191191, #1191193
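
One way to check for the lag described in the message, added here as an example (not code from the post or from either project): it compares the CVE ids named in a base package's RPM changelog with those named in the changelog of the package that overrides it. `OVERRIDE_LOG` is constructed sample data and the function names are hypothetical; a CVE missing from the override's changelog is a prompt to investigate, not proof that the fix is absent.

```python
import re
import subprocess

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Entry header: "* <date> <packager> - <version-release>". Weekday and month
# names follow the locale ("Di" in the quoted output), so only the tail is parsed.
HEADER_RE = re.compile(r"^\*\s.*\s-\s(\S+)\s*$")

def installed_changelog(package):
    """Changelog of an installed package, as printed by `rpm -q --changelog`."""
    return subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True, check=True).stdout

def cve_fixes(changelog):
    """Map each CVE id to the newest changelog entry (release) mentioning it."""
    fixes, release = {}, None
    for line in changelog.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            release = header.group(1)
            continue
        for cve in CVE_RE.findall(line):
            fixes.setdefault(cve, release)
    return fixes

def missing_in_override(base_changelog, override_changelog):
    """CVE ids the base changelog lists that the override's changelog does not."""
    fixed = cve_fixes(override_changelog)
    return {cve: rel for cve, rel in sorted(cve_fixes(base_changelog).items())
            if cve not in fixed}

# Excerpt of the freetype changelog quoted in the message.
BASE_LOG = """\
* Di Feb 17 2015 Marek Kasik <mkasik at redhat.com> - 2.5.0-9
- Fixes CVE-2014-9656
    - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
    - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
    - Use correct value for minimum table length test.
"""
# Constructed changelog for a hypothetical override package (not real data).
OVERRIDE_LOG = """\
* Mon Jan 05 2015 Example Packager <packager at example.invalid> - 0.0-1
- Fixes CVE-2014-9656
"""

if __name__ == "__main__":
    # On a real host: missing_in_override(installed_changelog("freetype"),
    #                                     installed_changelog("freetype-freeworld"))
    for cve, release in missing_in_override(BASE_LOG, OVERRIDE_LOG).items():
        print(f"{cve}: fixed in base {release}, not mentioned by override")
```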
