projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c1595fe) | patch
freetype: add upstream security fixes for CVE-2017-8105 and CVE-2017-8287
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 30 Apr 2017 19:36:02 +0000 (21:36 +0200)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sun, 30 Apr 2017 21:07:25 +0000 (23:07 +0200)
commit6d557ac0133618fe4fe1d417bf584e21ef208871
tree2e13e2205ca363106c706fe5be29d3f74625bfa4tree
parentc1595feb0e6defde4d890a2aaf62d158d3d04575commit | diff
freetype: add upstream security fixes for CVE-2017-8105 and CVE-2017-8287

Add upstream post-2.7.1 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2017-8105 - FreeType 2 before 2017-03-24 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_decoder_parse_charstrings function in psaux/t1decode.c.

CVE-2017-8287 - FreeType 2 before 2017-03-26 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_builder_close_contour function in psaux/psobjs.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/freetype/0001-psaux-Better-protect-flex-handling.patch [new file with mode: 0644] blob
package/freetype/0002-src-psaux-psobjs.c-t1_builder_close_contour-Add-safe.patch [new file with mode: 0644] blob