Your message dated Wed, 21 Oct 2020 13:35:17 +0000
with message-id <[email protected]>
and subject line Bug#972586: fixed in freetype 2.10.2+dfsg-4
has caused the Debian Bug report #972586,
regarding freetype: CVE-2020-15999: buffer overflow in Load_SBit_Png
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: freetype
Version: 2.10.2+dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://savannah.nongnu.org/bugs/?59308
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for freetype.
CVE-2020-15999[0]:
| heap buffer overflow in Load_SBit_Png
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
[1] https://savannah.nongnu.org/bugs/?59308
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.10.2+dfsg-4
Done: Hugh McMaster <[email protected]>
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Oct 2020 09:39:47 +1100
Source: freetype
Architecture: source
Version: 2.10.2+dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Hugh McMaster <[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 972586
Changes:
 freetype (2.10.2+dfsg-4) unstable; urgency=high
 .
   * debian/patches: Add upstream patch for CVE-2020-15999 (Closes: #972586).
     - Prevent heap buffer overflow when handling embedded PNG bitmaps
       in malformed TrueType font files.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---