Closed
Bug 608896
Opened 14 years ago
Closed 14 years ago
update in-tree freetype from 2.4.1 to 2.4.3
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| fennec | 2.0b3+ | --- |
People
(Reporter: blassey, Assigned: blassey)
References
Details
(Whiteboard: [sg:critical] android only? [has-patch])
Attachments
(1 file)
|
(deleted),
patch
|
pavlov
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Attachment #487510 -
Flags: review?(pavlov)
|
Assignee | |
Comment 1•14 years ago
|
||
Comment on attachment 487510 [details] [diff] [review]
patch
this patch doesn't build, need to tweek a bit
Attachment #487510 -
Flags: review?(pavlov)
|
||
Comment 2•14 years ago
|
||
Why is this marked security-sensitive?
|
||
Comment 3•14 years ago
|
||
There are known security exploits in the Freetype in the tree, that we have shipped
|
||
Comment 4•14 years ago
|
||
Does this include any patches on top of 2.4.3?
CVE-2010-3814
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4
CVE-2010-3855
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a
possibly others?
Whiteboard: [sg:critical] android only?
|
|
||
Comment 5•14 years ago
|
||
|
|
Assignee | |
Comment 6•14 years ago
|
||
(In reply to comment #4)
> Does this include any patches on top of 2.4.3?
This patch does not include any patches on top of 2.4.3. Do we want to include the fixes for these bugs that freetype hasn't released yet?
|
|
Assignee | |
Comment 7•14 years ago
|
||
Comment on attachment 487510 [details] [diff] [review]
patch
the patch on bug 609114 (marked blocking this) changes how we build freetype in the tree and makes this work as is.
Attachment #487510 -
Flags: review?(pavlov)
|
|
||
Comment 8•14 years ago
|
||
For the whiteboard, this is Android only.
We should take the patches for the things Dan linked to as well. Can we do them as separate patches on top of this one?
|
|
||
Comment 9•14 years ago
|
||
Comment on attachment 487510 [details] [diff] [review]
patch
rs=me
Attachment #487510 -
Flags: review?(pavlov) → review+
|
|
||
Updated•14 years ago
|
tracking-fennec: --- → 2.0b3+
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [sg:critical] android only? → [sg:critical] android only? [has-patch]
|
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → blassey.bugs
|
||
Comment 10•14 years ago
|
||
Can this land now?
|
|
Assignee | |
Comment 11•14 years ago
|
||
|
|
Assignee | |
Comment 12•14 years ago
|
||
pushed http://hg.mozilla.org/mozilla-central/rev/d0486efab6ed
I think we should open a separate bug for any patches we want to take on top of 2.4.3, so I'm closing this one
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•