From 7f433e441dd62cf5da2f49a394573cd114403d2785d72c662e1ab0f26f816f36 Mon Sep 17 00:00:00 2001
From: Marguerite Su <i@marguerite.su>
Date: Wed, 22 Apr 2020 08:42:58 +0000
Subject: [PATCH] Accepting request 796116 from home:alarrosa:branches:M17N

* Fixes use-after-free (heap) in the SFD_GetFontMetaData()
    function and fix NULL pointer dereference in the
    SFDGetSpiros() and SFD_AssignLookups() function(bnc#1160220,
    bnc#1160236, CVE-2020-5395, CVE-2020-5496).

OBS-URL: https://build.opensuse.org/request/show/796116
OBS-URL: https://build.opensuse.org/package/show/M17N/fontforge?expand=0&rev=75
---
 fontforge.changes | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fontforge.changes b/fontforge.changes
index 46687c0..bb09904 100644
--- a/fontforge.changes
+++ b/fontforge.changes
@@ -52,6 +52,10 @@ Wed Apr 15 18:30:12 UTC 2020 - Antonio Larrosa <alarrosa@suse.com>
       against, nor are the headers actually well configured to be
       used externally. We are also not aware of any maintained
       product that compiles against FontForge itself.
+  * Fixes use-after-free (heap) in the SFD_GetFontMetaData()
+    function and fix NULL pointer dereference in the
+    SFDGetSpiros() and SFD_AssignLookups() function(bnc#1160220,
+    bnc#1160236, CVE-2020-5395, CVE-2020-5496).
 
 - Drop patch that isn't needed anymore:
   * python38_config.patch