Subject: pkg/33845: suse_freetype2 font parsing vulnerabilities
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <zafer.aydogan@gmail.com>
List: pkgsrc-bugs
Date: 06/28/2006 13:25:00
>Number:         33845
>Category:       pkg
>Synopsis:       suse_freetype2 font parsing vulnerabilities
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 28 13:25:00 +0000 2006
>Originator:     Zafer Aydogan
>Release:        3.99.21
>Organization:
>Environment:
>Description:
FreeType font parsing vulnerabilities for SUSE emul packages.

Programs affected: freetype-2.1.10 and older. 
Severity: Possible arbitrary code execution. 
Fixed: FreeType-2.2.1 
CVE identifier(s): CVE-2006-1054 (integer overflows) 

Please see:
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
and
http://scary.beasts.org/security/CESA-2006-001.html


>How-To-Repeat:

>Fix:
Please update the emulators/suse_freetype2 packages.