File _patchinfo of Package patchinfo.5898
<patchinfo incident="5898">
<issue id="1050193" tracker="bnc">VUL-0: CVE-2017-11573: fontforge: Over-read in ValidatePostScriptFontName (parsettf.c)</issue>
<issue id="1050181" tracker="bnc">VUL-0: CVE-2017-11569: fontforge: Heap-based buffer over-read in readttfcopyrights (parsettf.c)</issue>
<issue id="1050200" tracker="bnc">VUL-0: CVE-2017-11577: fontforge: Buffer over-read in getsid (parsettf.c)</issue>
<issue id="1050161" tracker="bnc">VUL-0: CVE-2017-11568: fontforge: Heap-based buffer over-read in PSCharStringToSplines</issue>
<issue id="1050195" tracker="bnc">VUL-0: CVE-2017-11575: fontforge: Buffer over-read in strnmatch (char.c)</issue>
<issue id="1050194" tracker="bnc">VUL-0: CVE-2017-11574: fontforge: Heap-based buffer overflow in readcffset (parsettf.c)</issue>
<issue id="1050196" tracker="bnc">VUL-0: CVE-2017-11576: fontforge: Ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c)</issue>
<issue id="1050187" tracker="bnc">VUL-0: CVE-2017-11572: fontforge: Heap-based buffer over-read in readcfftopdicts (parsettf.c)</issue>
<issue id="1050185" tracker="bnc">VUL-0: CVE-2017-11571: fontforge: Stack-based buffer overflow in addnibble (parsettf.c)</issue>
<issue id="2017-11568" tracker="cve" />
<issue id="2017-11569" tracker="cve" />
<issue id="2017-11571" tracker="cve" />
<issue id="2017-11573" tracker="cve" />
<issue id="2017-11572" tracker="cve" />
<issue id="2017-11575" tracker="cve" />
<issue id="2017-11574" tracker="cve" />
<issue id="2017-11577" tracker="cve" />
<issue id="2017-11576" tracker="cve" />
<issue id="327144" tracker="fate" />
<category>security</category>
<rating>moderate</rating>
<packager>qzhao</packager>
<description>This update for fontforge fixes the following security issues:
fontforge was updated to 20170731, fixing lots of bugs and security issues.
- CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161)
- CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181)
- CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185)
- CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187)
- CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193)
- CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194)
- CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195)
- CVE-2017-11576: Ensure a positive size in a weight vector memcpy call in readcfftopdict (bsc#1050196)
- CVE-2017-11577: Buffer over-read in getsid (bsc#1050200)
</description>
<summary>Security update for fontforge</summary>
</patchinfo>