Re: CVE request: libqt4: two memory issues
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 24 Aug 2011 14:49:44 +0200
On Mon, 22 Aug 2011 10:43:23 +0200 Matthias Weckbecker wrote:

> A) buffer overflow (looks only like an off-by-one from a very quick

The fix is for 3rdparty/harfbuzz, any reason to prefer calling it Qt,
rather than a harfbuzz / pango issue? The code even seems to be based on
some FreeType code, though it's not obvious if FreeType was affected by
that. Is that more than an over-read?

> B) buffer overflow on greyscale images with multiple samples per pixel

The bug is not public.
Tomas Hoger / Red Hat Security Response Team