Changeset 044207b

Timestamp:

04/15/2024 07:45:04 PM (4 weeks ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

lazarus, trunk

Children:

10f894a9

Parents:

2a7351fd

Message:

FontForge: Fix CVE-2024-25081 and CVE-2024-25082.

Files:

• introduction/welcome/changelog.xml (modified) (1 diff)
• xsoft/other/fontforge.xml (modified) (3 diffs)

introduction/welcome/changelog.xml

@@ -42 +42 @@
       <para>April 15th, 2024</para>
       <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fix CVE-2024-25081 and CVE-2024-25082 in FontForge.
+          Fixes <ulink url="&blfs-ticket-root;19545">#19545</ulink>.</para>
+        </listitem>
         <listitem>
           <para>[renodr] - Update to libxcb-1.17.0. Fixes

xsoft/other/fontforge.xml

@@ -73 +73 @@
       </listitem>
     </itemizedlist>
+
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Required patch:
+          <ulink url="&patch-root;/fontforge-&fontforge-version;-security_fixes-1.patch"/>
+        </para>
+      </listitem>
+    </bridgehead>
 
     <bridgehead renderas="sect3">FontForge Dependencies</bridgehead>
@@ -112 +122 @@
       <xref linkend="libjpeg"/>,
       <xref linkend="libtiff"/>,
-      <xref linkend="sphinx"/> (to build html documentation),
-      <xref linkend="woff2"/>, and
+      <xref linkend="sphinx"/> (to build html documentation), and
+      <xref linkend="woff2"/>
     </para>
 
@@ -122 +132 @@
 
     <para>
-      First fix a problem with old translations exposed by gettext-0.22:
+      First, fix two security vulnerabilities in the Splinefont functionality:
+    </para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../fontforge-&fontforge-version;-security_fixes-1.patch</userinput></screen>
+
+    <para>
+      Next, fix a problem with old translations exposed by gettext-0.22:
     </para>