{ "schema_version": "1.7.0", "id": "MGASA-2015-0367", "published": "2015-09-13T21:58:30Z", "modified": "2015-09-13T21:44:28Z", "summary": "Updated freetype2 packages fix security vulnerabilities", "details": "Updated freetype2 packages fix security vulnerabilities:\n\nIt was discovered that FreeType did not correctly handle certain malformed\nfont files. If a user were tricked into using a specially crafted font\nfile, a remote attacker could cause FreeType to crash or hang, resulting in\na denial of service, or possibly expose uninitialized memory\n(Savannah bugs 41309 and 41590).\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0367.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=16739" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-2739-1/" }, { "type": "REPORT", "url": "https://savannah.nongnu.org/bugs/?41309" }, { "type": "REPORT", "url": "https://savannah.nongnu.org/bugs/index.php?41590" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2015/09/11/4" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "freetype2", "purl": "pkg:rpm/mageia/freetype2?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.5.0.1-3.4.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "freetype2", "purl": "pkg:rpm/mageia/freetype2?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.5.0.1-3.4.mga4.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }