From 9f83e055028306dac4103c14f52d7cfdf8adedcf Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Thu, 5 Apr 2007 02:28:23 +0000 Subject: [PATCH] * Version 2.3.3 released. ========================= Tag sources with `VER-2-3-3'. * docs/CHANGES: Mention CVE-2007-1351. --- ChangeLog | 12 +++++++++++- docs/CHANGES | 4 ++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c15c2aa09..f356f81e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2007-04-04 Werner Lemberg + + * Version 2.3.3 released. + ========================= + + + Tag sources with `VER-2-3-3'. + + * docs/CHANGES: Mention CVE-2007-1351. + 2007-04-03 David Turner * src/base/ftobjs.c (FT_Set_Char_Size): As suggested by James Cloos, @@ -27,7 +37,7 @@ * src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128 gracefully. (_bdf_set_default_spacing): Increase `name' buffer size to 256 and - issue an error for longer names. + issue an error for longer names. This fixes CVE-2007-1351. (_bdf_parse_glyphs): Limit allowed number of glyphs in font to the number of code points in Unicode. diff --git a/docs/CHANGES b/docs/CHANGES index dc2fa25e0..8b76df002 100644 --- a/docs/CHANGES +++ b/docs/CHANGES @@ -18,6 +18,10 @@ CHANGES BETWEEN 2.3.3 and 2.3.2 to 0 for mono-spaced fonts. Otherwise code that uses them would essentially ruin the fixed-advance property. + - Fix CVE-2007-1351 which can cause an integer overflow while + parsing BDF fonts, leading to a potentially exploitable heap + overflow condition. + II. MISCELLANEOUS - Fixed compilation issues on some 64-bit platforms (see ChangeLog
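Review bot: In the second ChangeLog hunk (@@ -27,7 +37,7), the sentence "This fixes CVE-2007-1351." is attached only to the `_bdf_set_default_spacing` item (the `name` buffer raised to 256), while docs/CHANGES in this same patch describes the CVE as an integer overflow while parsing BDF fonts. The same src/bdf/bdflib.c entry also lists `setsbit, sbitset` handling of values >= 128 and the glyph-count limit in `_bdf_parse_glyphs`, so someone backporting cannot tell from this wording whether the buffer change alone covers the CVE. Suggest stating the CVE once for the whole bdflib.c entry, or naming each function whose change belongs to the fix. The new 2007-04-04 entry could also record that this earlier ChangeLog entry was amended, since it currently mentions only docs/CHANGES.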
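Review bot: The added docs/CHANGES item (@@ -18,6 +18,10) names the CVE and its impact but not where the fix lives, which is the detail a packager needs when deciding whether a downstream copy is affected. Suggest naming the BDF driver, as the ChangeLog does with src/bdf/bdflib.c. The wording "Fix CVE-2007-1351 which can cause an integer overflow" also reads as if the CVE itself causes the overflow; something like "Fix an integer overflow while parsing BDF fonts (CVE-2007-1351), which could lead to a potentially exploitable heap overflow" states the defect first and the identifier second.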