Closed Bug 608896 Opened 10 years ago Closed 10 years ago
update in-tree freetype from 2
.4 .1 to 2 .4 .3
No description provided.
Comment on attachment 487510 [details] [diff] [review] patch this patch doesn't build, need to tweek a bit
Why is this marked security-sensitive?
There are known security exploits in the Freetype in the tree, that we have shipped
Does this include any patches on top of 2.4.3? CVE-2010-3814 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4 CVE-2010-3855 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a possibly others?
Whiteboard: [sg:critical] android only?
(In reply to comment #4) > Does this include any patches on top of 2.4.3? This patch does not include any patches on top of 2.4.3. Do we want to include the fixes for these bugs that freetype hasn't released yet?
Comment on attachment 487510 [details] [diff] [review] patch the patch on bug 609114 (marked blocking this) changes how we build freetype in the tree and makes this work as is.
For the whiteboard, this is Android only. We should take the patches for the things Dan linked to as well. Can we do them as separate patches on top of this one?
Comment on attachment 487510 [details] [diff] [review] patch rs=me
Attachment #487510 - Flags: review?(pavlov) → review+
Whiteboard: [sg:critical] android only? → [sg:critical] android only? [has-patch]
Assignee: nobody → blassey.bugs
Can this land now?
pushed http://hg.mozilla.org/mozilla-central/rev/d0486efab6ed I think we should open a separate bug for any patches we want to take on top of 2.4.3, so I'm closing this one
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.