On Tue, May 29, 2007 at 12:15:41PM +0100, Steve Kemp wrote:
> On Sun May 27, 2007 at 12:47:58 +0200, Moritz Muehlenhoff wrote:

> > I guess we should fix this, it's indirectly remotely exploitable at least
> > by providing someone a malformed TTF font file. As libfreetype is an
> > important infrastructure library there might also be unforeseen indirect
> > attack vectors, like embedding TTFs in other document types, etc.

> Agreed.

> > Steve Kemp wanted to work on a DSA, so you should probably check back
> > with him before preparing an upload.

> I was planning on handling this yes, so if there were a fixed package
> available for Etch then I'd appreciate seeing it.

Signed package for etch is on its way up to
<http://people.debian.org/~vorlon/freetype/> right now (built with -sa, so
should indeed be ready for upload straight to security-master). Changelog
is:

  freetype (2.2.1-5+etch1) stable-security; urgency=high

    * debian/patches-freetype/CVE-2007-2754_ttgfload: address CVE-2007-2754,
      a bug allowing execution of arbitrary code via a crafted TTF image by
      way of an integer overflow.  Closes: #425625.

   -- Steve Langasek <[EMAIL PROTECTED]>  Wed, 23 May 2007 03:26:25 -0700

(hmm, date's wrong, that's what I get for just editing the existing -6
changelog entry and renumbering it. :)

Let me know if there's anything else you need from me for etch. I haven't
yet looked into whether this bug affects the sarge version of the package,
I'll do that next (unless somebody here already knows the answer).

Thanks,
--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/