——————————————————————————–
Fedora Update Notification
FEDORA-2020-768b1690f8
2020-10-25 01:01:06.523422
——————————————————————————–
Name : freetype
Product : Fedora 33
Version : 2.10.4
Release : 1.fc33
URL : https://protect2.fireeye.com/v1/url?k=966d06b1-ca7fb2b5-966a9b7d-000babd90757-126af0a7bcf07cea&q=1&e=0a4bbc9c-5df1-4121-8676-ac6631b2b714&u=http%3A%2F%2Fwww.freetype.org%2F
Summary : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manages font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
——————————————————————————–
Update Information:
Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.
——————————————————————————–
ChangeLog:
* Fri Oct 23 2020 Marek Kasik <maksik@redhat.com> – 2.10.4-1
– Update to 2.10.4
– Test bitmap size earlier for PNGs
– Fix memory leak in pngshim.c
– Enable man pages for demos
– Resolves: #1887084, #1890211
——————————————————————————–
References:
[ 1 ] Bug #1890210 – CVE-2020-15999 freetype: heap-based buffer overflow via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-768b1690f8’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=0dc0598b-51d2ed8f-0dc7c447-000babd90757-5df4473005147524&q=1&e=0a4bbc9c-5df1-4121-8676-ac6631b2b714&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2020-6299161e89
2020-10-25 01:19:04.801233
——————————————————————————–
Name : freetype
Product : Fedora 32
Version : 2.10.4
Release : 1.fc32
URL : https://protect2.fireeye.com/v1/url?k=8d67cfa1-d1757ba5-8d60526d-000babd90757-1b690f45b8aab4aa&q=1&e=3b4191de-5960-49d0-9818-cd63c1dcbd01&u=http%3A%2F%2Fwww.freetype.org%2F
Summary : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manages font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
——————————————————————————–
Update Information:
Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.
——————————————————————————–
ChangeLog:
* Fri Oct 23 2020 Marek Kasik <maksik@redhat.com> – 2.10.4-1
– Update to 2.10.4
– Test bitmap size earlier for PNGs
– Fix memory leak in pngshim.c
– Enable man pages for demos
– Resolves: #1887084, #1890211
——————————————————————————–
References:
[ 1 ] Bug #1890210 – CVE-2020-15999 freetype: heap-based buffer overflow via malformed ttf files
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-6299161e89’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=ac08e0b6-f01a54b2-ac0f7d7a-000babd90757-b28fa3c2c95849c2&q=1&e=3b4191de-5960-49d0-9818-cd63c1dcbd01&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org