Synopsis: Moderate: freetype security update
Advisory ID:       SLSA-2019:4254-1
Issue Date:        2019-12-17
CVE Numbers:       CVE-2015-9381
                   CVE-2015-9382
--

Security Fix(es):

* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in
type1/t1parse.c leading to information disclosure (CVE-2015-9381)

* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face
operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read
(CVE-2015-9382)
--

SL6
  x86_64
    freetype-2.3.11-19.el6_10.i686.rpm
    freetype-2.3.11-19.el6_10.x86_64.rpm
    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm
    freetype-debuginfo-2.3.11-19.el6_10.x86_64.rpm
    freetype-demos-2.3.11-19.el6_10.x86_64.rpm
    freetype-devel-2.3.11-19.el6_10.i686.rpm
    freetype-devel-2.3.11-19.el6_10.x86_64.rpm
  i386
    freetype-2.3.11-19.el6_10.i686.rpm
    freetype-debuginfo-2.3.11-19.el6_10.i686.rpm
    freetype-demos-2.3.11-19.el6_10.i686.rpm
    freetype-devel-2.3.11-19.el6_10.i686.rpm

- Scientific Linux Development Team