code.ossystems Code Review - openembedded-core.git/commit

author	Eren Türkay <eren@hambedded.org>
	Thu, 27 Dec 2012 23:00:00 +0000 (01:00 +0200)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 31 Dec 2012 09:42:49 +0000 (09:42 +0000)
commit	b693f6d3d48b281fbbf71fd56996c85e23c3a9c9
tree	f5e9634a4e1ce38bec0ffc37615722148fa2b4d1	tree \| snapshot
parent	f116dc32240e2f2d3c6e9bc8bc3320862f5116d3	commit \| diff

freetype: update to 2.4.11 which includes fixes for CVE-2012-{5668, 5669, 5670}

Multiple security issues were reported by Mateusz Jurczyk of Google
security team. These have been fixed in freetype 2.4.11. Details are as
follows.

* CVE-2012-5668: NULL Pointer Dereference in bdf_free_font
Bug: https://savannah.nongnu.org/bugs/?37905
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a

* CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37906
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d

* CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs
Bug: https://savannah.nongnu.org/bugs/?37907
Patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8

For original e-mail and CVE assignment, see the following URLs:

http://www.openwall.com/lists/oss-security/2012/12/25/1
http://www.openwall.com/lists/oss-security/2012/12/25/2

Signed-off-by: Eren Türkay <eren@hambedded.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

meta/recipes-graphics/freetype/freetype-2.4.11/no-hardcode.patch	[moved from meta/recipes-graphics/freetype/freetype-2.4.10/no-hardcode.patch with 100% similarity]	blob \| history
meta/recipes-graphics/freetype/freetype_2.4.11.bb	[moved from meta/recipes-graphics/freetype/freetype_2.4.10.bb with 91% similarity]	diff \| blob \| history