[Bug 450774] CVE-2008-1808 FreeType off-by-one flaws
bugzilla at redhat.com
Tue Jun 17 10:01:26 UTC 2008
Summary: CVE-2008-1808 FreeType off-by-one flaws
Alias: CVE-2008-1808
https://bugzilla.redhat.com/show_bug.cgi?id=450774
------- Additional Comments From thoger at redhat.com 2008-06-17 06:01 EST -------
The TTF issue affects the TTF virtual machine byte code interpreter (BCI). This
interpreter is disabled by default on freetype 2.x (libtruetype) due to patent
issues, as described on the upstream web page:
http://www.freetype.org/patents.html

All Red Hat Enterprise Linux and Fedora freetype 2.x versions have BCI disabled
and are not affected by the TTF part of CVE-2008-1808. Only custom rebuilds
with BCI enabled may possibly be affected.

Freetype 1.x (libttf) does enable BCI by default, but it is explicitly disabled in
freetype packages on Red Hat Enterprise Linux 3 and 4 and in freetype1 packages
in all Fedora versions (via freetype-1.4-disable-ft1-bci.patch).

Red Hat Enterprise Linux 5 does not ship the freetype 1.x library. Freetype 1.x on
Red Hat Enterprise Linux 2.1 is built with BCI enabled.