Update freetype to fix CVE? #4198

Open
fschutt opened this issue Jan 4, 2021 · 1 comment

fschutt commented Jan 4, 2021

FreeType version 2.6, which webrender depends on on Linux, had a heap buffer overflow found in the handling of embedded PNG bitmaps.

Since webrender links freetype statically (afaik) it would make sense to update the freetype dependency to fix this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

kvark added the type: bug label Jan 4, 2021

jrmuizel commented Jan 5, 2021

I think it might make more sense to just make sure we always use the system freetype. i.e. drop the freetype-lib feature.
