Provide a release with a fix for CVE-2018-25032 #198

dvrogozh · 2022-04-21T20:19:08Z

There is CVE-2018-25032 reported against zlib which is included into SDL_ttf releleases. Affected zlib version is 1.2.11, fix available in 1.2.12. See madler/zlib#605.

Can you, please, provide SDL_ttf release which includes a fix for zlib CVE?

slouken · 2022-06-28T20:32:56Z

@madebr, just a sanity check, do you know of anything that needs to be done before final release?

sezero · 2022-07-07T07:11:00Z

@slouken: Debian applies this patch to freetype-2.12.1 to fix a 'wild free'
issue: Do we want to cherry-pick it?
libsdl-org/freetype@c26872e

slouken · 2022-07-07T12:34:20Z

Yes, let's grab it for the final release today.

slouken · 2022-07-07T13:01:01Z

It's in now, thanks!

slouken · 2022-07-07T13:27:54Z

2.20.0 with a fix for CVE-2018-25032 is now available!
https://github.com/libsdl-org/SDL_ttf/releases/tag/release-2.20.0

slouken added this to the 2.20.0 milestone May 25, 2022

slouken self-assigned this May 25, 2022

slouken closed this as completed Jul 7, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide a release with a fix for CVE-2018-25032 #198

Provide a release with a fix for CVE-2018-25032 #198

dvrogozh commented Apr 21, 2022

slouken commented Jun 28, 2022

sezero commented Jul 7, 2022

slouken commented Jul 7, 2022

slouken commented Jul 7, 2022

slouken commented Jul 7, 2022

Provide a release with a fix for CVE-2018-25032 #198

Provide a release with a fix for CVE-2018-25032 #198

Comments

dvrogozh commented Apr 21, 2022

slouken commented Jun 28, 2022

sezero commented Jul 7, 2022

slouken commented Jul 7, 2022

slouken commented Jul 7, 2022

slouken commented Jul 7, 2022