forked from minhngoc25a/freetype2
* Version 2.3.3 released.
========================= Tag sources with `VER-2-3-3'. * docs/CHANGES: Mention CVE-2007-1351.
This commit is contained in:
parent
7478197e00
commit
9f83e05502
12
ChangeLog
12
ChangeLog
|
@ -1,3 +1,13 @@
|
|||
2007-04-04 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
* Version 2.3.3 released.
|
||||
=========================
|
||||
|
||||
|
||||
Tag sources with `VER-2-3-3'.
|
||||
|
||||
* docs/CHANGES: Mention CVE-2007-1351.
|
||||
|
||||
2007-04-03 David Turner <david@freetype.org>
|
||||
|
||||
* src/base/ftobjs.c (FT_Set_Char_Size): As suggested by James Cloos,
|
||||
|
@ -27,7 +37,7 @@
|
|||
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
|
||||
gracefully.
|
||||
(_bdf_set_default_spacing): Increase `name' buffer size to 256 and
|
||||
issue an error for longer names.
|
||||
issue an error for longer names. This fixes CVE-2007-1351.
|
||||
(_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
|
||||
number of code points in Unicode.
|
||||
|
||||
|
|
|
@ -18,6 +18,10 @@ CHANGES BETWEEN 2.3.3 and 2.3.2
|
|||
to 0 for mono-spaced fonts. Otherwise code that uses them would
|
||||
essentially ruin the fixed-advance property.
|
||||
|
||||
- Fix CVE-2007-1351 which can cause an integer overflow while
|
||||
parsing BDF fonts, leading to a potentially exploitable heap
|
||||
overflow condition.
|
||||
|
||||
II. MISCELLANEOUS
|
||||
|
||||
- Fixed compilation issues on some 64-bit platforms (see ChangeLog
|
||||
|
|
Loading…
Reference in New Issue