[SECURITY] Fedora 21 Update: mingw-freetype-2.5.4-1.fc21

updates at fedoraproject.org updates at fedoraproject.org
Fri Jan 2 05:01:40 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-17550
2014-12-25 04:34:09
--------------------------------------------------------------------------------

Name        : mingw-freetype
Product     : Fedora 21
Version     : 2.5.4
Release     : 1.fc21
URL         : http://www.freetype.org
Summary     : Free and portable font rendering engine
Description :
MinGW Windows Freetype library.

--------------------------------------------------------------------------------
Update Information:

* Update to 2.5.4\r\n* Updated subpixel rendering patch to 2.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.5.4-1
- Update to 2.5.4
- Fixes RHBZ #1172635
* Thu Jul 10 2014 Nicola Fontana <ntd at entidi.it> - 2.5.3-3
- Update subpixel rendering patch to 2.5.3 (RHBZ #1118276)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172635 - mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-20]
        https://bugzilla.redhat.com/show_bug.cgi?id=1172635
  [ 2 ] Bug #1118276 - Subpixel rendering patch invalid
        https://bugzilla.redhat.com/show_bug.cgi?id=1118276
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update mingw-freetype' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list