Re: [ft] FreeType 2.4.1 has been released


From: mpsuzuki
Subject: Re: [ft] FreeType 2.4.1 has been released
Date: Sat, 7 Aug 2010 15:01:56 +0900

On Fri, 06 Aug 2010 22:49:20 +0200 (CEST)
Werner LEMBERG <address@hidden> wrote:

>
>> out of curiosity, has Apple contacted the FreeType dev group
>> concerning http://www.vupen.com/english/advisories/2010/2018
>> ("FreeType Compact Font Format Two Buffer Overflow
>> Vulnerabilities")?
>
>Yes.  Fixed in 2.4.2.

Unfortunately, at least, Werner and I had not heard
anything from Apple (there is a possibility that we
had overlooked their contact in the spam messages).

We had found the mention of the CFF driver vulnerability
(used to crack iOS) on some web sites, and we had
fixed it by ourselves.

It seems that RedHat got the patch written by Apple
engineers, before our fix, so I guess it was just that
Apple didn't find an appropriate contact among FreeType2
developers.

BTW, VUPEN lists "two vulnerabilities", but FreeType2
mentions "a vulnerability". Somebody may be afraid that
another vulnerability is left in genuine FreeType2. This
is the difference of the modification part in Apple's
patch & our patch. In Apple's patch, 2 stack checks
are inserted into 2 CFF operators increasing the stack.
In our patch, a stack check is inserted after all
CFF operations, like the existing stack check for
CFF numerical objects.

Regards,
mpsuzuki
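
The two patch shapes described in the message above, sketched on a toy operand-stack interpreter as an added example (this is not FreeType's code and not either patch). The opcodes, `MAX_OPERANDS`, and the one spare slot in the stack array are assumptions made for the illustration; the sample programs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_OPERANDS 4   /* toy limit chosen for this example */

enum op { OP_PUSH, OP_DUP, OP_ADD, OP_END };        /* hypothetical toy opcodes */
enum policy { CHECK_IN_OPERATORS, CHECK_AFTER_EVERY_OP };
struct insn { enum op op; long arg; };

/* Returns 0 and stores the top of stack in *out, or -1 if the program is rejected. */
int run(const struct insn *code, enum policy p, long *out)
{
    long stack[MAX_OPERANDS + 1];  /* spare slot: no toy operator grows the stack by more than 1 */
    size_t top = 0;

    for (; code->op != OP_END; code++) {
        switch (code->op) {
        case OP_PUSH:
            /* Policy A: each stack-growing operator carries its own guard. */
            if (p == CHECK_IN_OPERATORS && top >= MAX_OPERANDS) return -1;
            stack[top++] = code->arg;
            break;
        case OP_DUP:
            if (top < 1) return -1;
            if (p == CHECK_IN_OPERATORS && top >= MAX_OPERANDS) return -1;
            stack[top] = stack[top - 1];
            top++;
            break;
        case OP_ADD:
            if (top < 2) return -1;
            stack[top - 2] += stack[top - 1];
            top--;
            break;
        default:
            return -1;
        }
        /* Policy B: one guard after the dispatch covers every operator. */
        if (p == CHECK_AFTER_EVERY_OP && top > MAX_OPERANDS) return -1;
    }
    if (top == 0) return -1;
    *out = stack[top - 1];
    return 0;
}

/* Constructed sample programs: one well-formed, one that grows the stack too far. */
const struct insn prog_ok[]   = {{OP_PUSH,2},{OP_DUP,0},{OP_ADD,0},{OP_END,0}};
const struct insn prog_deep[] = {{OP_PUSH,1},{OP_DUP,0},{OP_DUP,0},{OP_DUP,0},{OP_DUP,0},{OP_END,0}};

int main(void)
{
    long r = 0;
    printf("ok:   %d %d\n", run(prog_ok, CHECK_IN_OPERATORS, &r), run(prog_ok, CHECK_AFTER_EVERY_OP, &r));
    printf("deep: %d %d\n", run(prog_deep, CHECK_IN_OPERATORS, &r), run(prog_deep, CHECK_AFTER_EVERY_OP, &r));
    return 0;
}
```

Both policies accept and reject the same programs here; the difference is that the single post-dispatch guard also covers any stack-growing operator added later, while the per-operator form needs a guard in each one.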


