oss-sec mailing list archives
Re: Two stack-based issues in freetype [NOT a request]
From: cve-assign () mitre org
Date: Wed, 12 Mar 2014 06:49:14 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
If I understood things correctly, CVE-2014-2240 is: https://savannah.nongnu.org/bugs/?41697#comment0 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6 While CVE-2014-2241 is: https://savannah.nongnu.org/bugs/?41697#comment2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969
Yes, those are the correct references for those two CVEs. We are not sure why "Two stack-based issues" was in the Subject line. CVE-2014-2241 is a reachable assertion (CWE-617) not a stack-based buffer overflow (CWE-121). - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTIDslAAoJEKllVAevmvmsdH0H+wW12MbIFFNVA8zeHiz4cHQ7 nxzuHdNkKiPPhqiber0TuBVttHzg0pCLqjYPi561QplkgKevznb+cuIyU/0gBLfg dDIkFwj0IZALuayjFlgzXa9NLjVXt3u1YB3NZvoonTXM1UGvYhkZiLVbQQA5ecwC YTEPkk6A8+2iSTtKQBbYgy8iHNmWpxjZk5+ytDDOTJpt1xKjYr7+HsHGXsyUKs+7 GRXzQiGf4L9MlVa/C1R1YXnFtujQFdNlUqDL4W7q0lF//D5+fpTrKYyPfSPrI7ZT 4UdDohNd2nvNgu1d/4twqo3ceYtO89+nAKaAlnVk9mSHlqndqz0ShI5ylyh12T0= =Fovt -----END PGP SIGNATURE-----
Current thread:
- Two stack-based issues in freetype [NOT a request] Raphael Geissert (Mar 10)
- Re: Two stack-based issues in freetype [NOT a request] cve-assign (Mar 12)
- Re: Two stack-based issues in freetype [NOT a request] Raphael Geissert (Mar 12)
- Re: Two stack-based issues in freetype [NOT a request] cve-assign (Mar 12)