Bug 10870

Summary:	[UPDATE REQUEST 2016.1] firefox 82.0 and freetype 2.9.1 (CVE-2020-15999)
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Алзим <alzim>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	critical
Priority:	Highest	CC:	e.malashin, pastordidi, v.potapov
Version:	All	Flags:	v.potapov: qa_verified+ alzim: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2016.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Алзим 2020-10-22 16:08:51 MSK

Уязвимость 0-day в freetype
http://www.opennet.ru/opennews/art.shtml?num=53922

freetype 2.9.1-5 (by Valeria)
https://abf.io/build_lists/3531125
https://abf.io/build_lists/3531126

firefox 82.0-1
https://abf.io/build_lists/3535997
https://abf.io/build_lists/3535996

firefox-l10n 82.0-1
https://abf.io/build_lists/3536024
https://abf.io/build_lists/3536025

Comment 1 e.malashin@rosalinux.ru 2020-10-22 19:20:08 MSK

**************************************
The update is sent to expanded testing

Comment 2 Vladimir Potapov 2020-10-27 05:25:39 MSK

freetype 2.9.1-5 (by Valeria)
https://abf.io/build_lists/3531125
https://abf.io/build_lists/3531126

firefox 82.0-1
https://abf.io/build_lists/3535997
https://abf.io/build_lists/3535996

firefox-l10n 82.0-1
https://abf.io/build_lists/3536024
https://abf.io/build_lists/3536025
************************* Advisory *************************
O-day CVE
************************************************************
QA Verified