[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[Bug 450774] CVE-2008-1808 FreeType off-by-one flaws
- From: bugzilla redhat com
- To: fedora-fonts-bugs-list redhat com
- Subject: [Bug 450774] CVE-2008-1808 FreeType off-by-one flaws
- Date: Tue, 17 Jun 2008 06:01:26 -0400
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2008-1808 FreeType off-by-one flaws
Alias: CVE-2008-1808
https://bugzilla.redhat.com/show_bug.cgi?id=450774
------- Additional Comments From thoger redhat com 2008-06-17 06:01 EST -------
The TTF issue affects TTF virtual machine byte code interpreter (BCI). This
interpreter is disabled by default on freetype 2.x (libtruetype) due to a patent
issues as described on the upstream web page:
http://www.freetype.org/patents.html
All Red Hat Enterprise Linux and Fedora freetype 2.x versions have BCI disabled
and are not affected by the TTF part of CVE-2008-1808. Only custom rebuilds
with BCI enabled may possibly be affected.
Freetype 1.x (libttf) does enable BCI by default, but is explicitly disabled in
freetype packages on Red Hat Enterprise Linux 3 and 4 and in freetype1 packages
in all Fedora versions (via freetype-1.4-disable-ft1-bci.patch).
Red Hat Enterprise Linux 5 does not ship freetype 1.x library. Freetype 1.x on
Red Hat Enterprise Linux 2.1 is built with BCI enabled.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]