Closed GoogleCodeExporter closed 9 years ago
Small correction: this is a variant of CVE-2014-2240.
Original comment by mjurc...@google.com
on 21 Nov 2014 at 12:43
Reported in https://savannah.nongnu.org/bugs/?43661.
Original comment by mjurc...@google.com
on 21 Nov 2014 at 12:46
Fixed in
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f8732
37f1c77d43540537c7a721d3fd8.
Original comment by mjurc...@google.com
on 4 Dec 2014 at 3:10
All fixed by upstream:
FreeType 2.5.5
2014-12-30
FreeType 2.5.5 has been released. This is a minor bug fix release: All users of
PCF fonts should update, since version 2.5.4 introduced a bug that prevented
reading of such font files if not compressed.
FreeType 2.5.4
2014-12-06
FreeType 2.5.4 has been released. All users should upgrade due to another fix
for vulnerability CVE-2014-2240 in the CFF driver. The library also contains a
new round of patches for better protection against malformed fonts.
The main new feature, which is also one of the targets mentioned in the pledgie
roadmap below, is auto-hinting support for Devanagari and Telugu, two widely
used Indic scripts. A more detailed description of the remaining changes and
fixes can be found here.
Original comment by cev...@google.com
on 26 Jan 2015 at 5:27
Original comment by mjurc...@google.com
on 25 Feb 2015 at 1:56
Original issue reported on code.google.com by
mjurc...@google.com
on 21 Nov 2014 at 12:41Attachments: