From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2099.outbound.protection.outlook.com [40.107.243.99]) by sourceware.org (Postfix) with ESMTPS id 868E43850414 for ; Tue, 20 Oct 2020 18:00:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 868E43850414 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cUrS736lPgmvcuZKSoHRGaqVk+j1UxvtU/bgmXX/2sbQ2sQEwRlpOcEMXWJchhovInyGRmJnOE2ot3vksS6l/0+0f2N5JPup/7rHCR+s+yh1HjUHGm26t3ixjwHmI52OE7PeC7i5ywYVzHUAHYqrlvbH4RNvsHvuiLgssLGu5CqI6JePbfYsFWSqy5sSC7/8EaNkCkbHg4vMqvIWsIZtE5EEahWw+v2CXjF8ih+Tm26GPiIRTpQt+GgnYeYnAL7H3lj35iJ5mQBXacKWVvlhlBpTwezelpNpJtiux86rautCZlWsy5ej5LP9yWYh304bqDTMxm6xSrMLtADNxbzwQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eB73h72O5E1mkp/BAREzZpQF9owiKwvuOassumqACVg=; b=go3CmSnQSR7VL1vxu7UHITE3eY2IEa1ziqt7JQ3AfefSOR4kquttwkNZihU+i9nw0AFPKRa0UgKFji60i39/DTdRYPjy5kSSH+EMipt0+tNApveGUnzMdtDChLwSJWop4YX7bCkQZqKaDorPT9Jz2Cl29RrKNjE02ELtEE+VYvK6eykDJZN4Gal1d2seltAFXFTXQftoftUHCQJhJ9az1qHBUwBsJj1zeZh9VQldZwX8Ez7fush7pmuo2aA/Us40Cx26ULbxSPxDf9kiS9sHuX482g9At8mTUEz8srEc1MPIYG0C3XT/5tCDr6/w/HeKpnOov97DAaRTJBkmqJmi/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu; dkim=pass header.d=cornell.edu; arc=none Received: from MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13) by MN2PR04MB5646.namprd04.prod.outlook.com (2603:10b6:208:a2::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.24; Tue, 20 Oct 2020 18:00:11 +0000 Received: from MN2PR04MB6176.namprd04.prod.outlook.com ([fe80::c144:d206:c369:af44]) by MN2PR04MB6176.namprd04.prod.outlook.com ([fe80::c144:d206:c369:af44%7]) with mapi id 15.20.3477.028; Tue, 20 Oct 2020 18:00:11 +0000 Subject: Re: libfreetype CVE FYI To: cygwin-apps@cygwin.com References: <3375f26a-9c09-9fba-387e-3ba07618eb9f@cornell.edu> <38e606cc-4c32-5067-dc86-a9d22cc88311@SystematicSw.ab.ca> From: Ken Brown Message-ID: Date: Tue, 20 Oct 2020 14:00:09 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 In-Reply-To: <38e606cc-4c32-5067-dc86-a9d22cc88311@SystematicSw.ab.ca> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [68.175.129.7] X-ClientProxiedBy: MN2PR01CA0061.prod.exchangelabs.com (2603:10b6:208:23f::30) To MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.0.17] (68.175.129.7) by MN2PR01CA0061.prod.exchangelabs.com (2603:10b6:208:23f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.18 via Frontend Transport; Tue, 20 Oct 2020 18:00:10 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 58feffa2-cea7-451a-8913-08d87521fce0 X-MS-TrafficTypeDiagnostic: MN2PR04MB5646: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2887; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: F5SaSzedn66zYQ6glQvrL3yiMdx8liCfr2A7X27W8gcI7TMIvpKy41la2VBwtfCzcA91QLxgE52oS5hTszqowPZch8z2Oiphd6J6GXuZtT2X72dzVphBw4/M7GgLO/6Ra/Tv2GvaygHHfxm2NX25ZesiPJEas3Mjb2plSkU6X7sVoe5bqjdjtPHgWmNBbgJh+QVKPc5NDS+mKE6/wqDly4j5AiPpP1gEfUT6Ffpb45GlJhrZIFGAAqXjT4j8JyHJ5Bj4adILCAwnn32/fqUjmSAAHn7fCNC2NZz+It7a7lexK6R7LT0N/rXX88v6uZJRFAYCbdXjtk9pN89m48C1aM3KXzOAjqjX+8jBGibYH6Po4VVJjpikJ6sYv0Y6YgTrY1d2+YREN1drY2SlhhIllN+xgDeyeShIw2Wmd2FN0Yn/nOYzdsALhGDl6Q9T1CAwsRERQLN9znE2ZDWvPH2y4w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(8936002)(7116003)(16799955002)(86362001)(31686004)(6486002)(53546011)(4744005)(66946007)(66476007)(966005)(66556008)(31696002)(2906002)(3480700007)(4001150100001)(6916009)(5660300002)(52116002)(2616005)(26005)(16576012)(75432002)(36756003)(498600001)(16526019)(186003)(956004)(83380400001)(8676002)(43740500002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: ZFimhMGDuOBg5pFBBxhWZvIhgfYRsg3zwDUeEV0v1+2wKyn6jaied2hlt39aMevVDzEzgq9wKTvFrRfUK5j5/kyGcy2WKmoK7js+8/V5ivI2OYrvNMdZ0/a73pRUqhaRvfYi6bCTGUtB/EmnaM6q7MKRE4RUtx/oNqR+bmDC2dyYi7HJiEZ9yzvtqjo393cYkapQrlUDdh3B5w7prQmJuA3A0LBpDK1C78tB84qvbUSsSXwn0tZPJzgHqPtQ2BiZkW86N2gQnPNcfxPo6EWklI8y6Dy36FQHIEPG1X9MmTcI1wmksUf1BMAsm5HkwqK69eWsq+O+Ju4JOPkah3odfLYGffg9z+Tl6k32Wxx8kPcgFMAxWhlhNHNnft9qL6V7tfHO35+1+dg2TNiyP0mWiHWOPCWDYLFNigwd5UdHu5u3X1wbuPD5rpy7wGTKa4nTZrwYgsIp709Yqgw/2QH/y8dnLstwGeHDJsljceU7YmKpuRFbJWpE+E9kp6Ly0KW0CjySPN/OAt05dFJ6Kuv4jXBonDyF1/A7664mYBZfFvrLg7Vl41J9mCDYPsH6bTm9+L2dp74by+DHSVfJe/T4xVa/bNFLO/LcEHdlJHIoetjInrESCxczxC3Lt1wyYfd3KC91eRoYfHVNKKi6CcNsfA== X-OriginatorOrg: cornell.edu X-MS-Exchange-CrossTenant-Network-Message-Id: 58feffa2-cea7-451a-8913-08d87521fce0 X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB6176.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Oct 2020 18:00:11.2557 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RrUX76VgCZa696LWGuTr4WhxmeN/+R+SImpD64OrILliZ6ezEXhuWClTGmmti31OafF50E4oeQkrkje0Si09GQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5646 X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MSGID_FROM_MTA_HEADER, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Oct 2020 18:00:14 -0000 On 10/20/2020 10:46 AM, Brian Inglis wrote: > In case you haven't seen it yet, from news feed: > > FreeType 2.10.4 Rushed Out As Emergency Security Release > https://www.phoronix.com/scan.php?page=news_item&px=FreeType-2.10.4-Released > > links to: https://www.freetype.org/ > > "FreeType 2.10.4 > 2020-10-20 > This is an emergency release, fixing a severe vulnerability in embedded PNG > bitmap handling (see here for more). > > All users should update immediately." > > links to: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ Thanks, Brian. I'll update it. Ken