Debian Bug report logs - #972586
freetype: CVE-2020-15999: buffer overflow in Load_SBit_Png
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Hugh McMaster <hugh.mcmaster@outlook.com>: Bug#972586; Package src:freetype. (Tue, 20 Oct 2020 19:09:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Hugh McMaster <hugh.mcmaster@outlook.com>. (Tue, 20 Oct 2020 19:09:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: freetype
Version: 2.10.2+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://savannah.nongnu.org/bugs/?59308
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for freetype.
CVE-2020-15999[0]:
| heap buffer overflow in Load_SBit_Png
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
[1] https://savannah.nongnu.org/bugs/?59308
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Marked as found in versions freetype/2.9.1-3+deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 20 Oct 2020 19:27:05 GMT)
Marked as found in versions freetype/2.9.1-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 20 Oct 2020 19:27:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Hugh McMaster <hugh.mcmaster@outlook.com>: Bug#972586; Package src:freetype. (Tue, 20 Oct 2020 20:45:07 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Hugh McMaster <hugh.mcmaster@outlook.com>. (Tue, 20 Oct 2020 20:45:07 GMT)
Message #14 received at 972586@bugs.debian.org:
Hi,
Prepared the update for release via buster-security, attached the
debdiff. https://salsa.debian.org/debian/freetype/-/merge_requests/2
contains as well the changes to be merged in the packaging repository.
Regards,
Salvatore
[freetype_2.9.1-3+deb10u2.debdiff (text/plain, attachment)]
Added tag(s) pending. Request was from Hugh McMaster <hugh.mcmaster@outlook.com> to control@bugs.debian.org. (Tue, 20 Oct 2020 23:03:01 GMT)
Last modified: Wed Oct 21 10:35:10 2020; Machine Name: buxtehude