oss-sec mailing list archives
Re: Two stack-based issues in freetype [NOT a request]
From: Raphael Geissert <geissert () debian org>
Date: Wed, 12 Mar 2014 11:59:14 +0100
Hi,

On 12 March 2014 11:49, <cve-assign () mitre org> wrote:
>> If I understood things correctly, CVE-2014-2240 is:
>> https://savannah.nongnu.org/bugs/?41697#comment0
>> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6
>>
>> While CVE-2014-2241 is:
>> https://savannah.nongnu.org/bugs/?41697#comment2
>> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969
>
> Yes, those are the correct references for those two CVEs. We are not sure why "Two stack-based issues" was in the Subject line. CVE-2014-2241 is a reachable assertion (CWE-617) not a stack-based buffer overflow (CWE-121).

Mistake from my side, I later corrected it when filing the Debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net