ref: ba86636b14f876fa369c84467409b3b812d47e94
parent: 7752c68c50e651d76615de84db1e34f7ee1329b3
author: Werner Lemberg <[email protected]>
date: Wed Apr 26 05:35:39 EDT 2017
And another CVE for an older FreeType version.
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -29,8 +29,9 @@
now scales the font linearly again (bug introduced in version
2.4.6).
- - CVE-2017-8105: Older FreeType versions has an out-of-bounds write
- caused by a heap-based buffer overflow related to the Type 1 fonts.
+ - CVE-2017-8105: Older FreeType versions has an out-of-bounds
+ write caused by a heap-based buffer overflow related to the Type
+ 1 fonts.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
@@ -100,6 +101,12 @@
- Handling of raw CID fonts was partially broken (bug introduced
in 2.6.4).
+
+ - CVE-2016-10328: Older FreeType versions had an out-of-bounds
+ write caused by a heap-based buffer overflow related to the CFF
+ fonts.
+
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10328
III. MISCELLANEOUS