Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Hi

Please unblock package freetype

The update fixes CVE-2016-10244, tracked as #856971. The parse_charstrings function in does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service via a crafted file. Does not warrant a DSA for stable, but would be nice to have it already fixed for stretch.

Needs a d-i 'ack' if accepted.

unblock freetype/2.6.3-3.1

Attached debdiff against the version in stretch.

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -u freetype-2.6.3/debian/changelog freetype-2.6.3/debian/changelog --- freetype-2.6.3/debian/changelog +++ freetype-2.6.3/debian/changelog @@ -1,3 +1,12 @@ +freetype (2.6.3-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2016-10244: Heap-buffer-overflow + src/type1/t1load.c (parse_charstrings): Reject fonts that don't contain + glyph names. (Closes: #856971) + + -- Salvatore Bonaccorso <[email protected]> Thu, 30 Mar 2017 19:16:33 +0200 + freetype (2.6.3-3) unstable; urgency=medium * Install the now-available-upstream manpages for freetype-demos. diff -u freetype-2.6.3/debian/patches-freetype/series freetype-2.6.3/debian/patches-freetype/series --- freetype-2.6.3/debian/patches-freetype/series +++ freetype-2.6.3/debian/patches-freetype/series @@ -5,0 +6 @@ +CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch only in patch2: unchanged: --- freetype-2.6.3.orig/debian/patches-freetype/CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch +++ freetype-2.6.3/debian/patches-freetype/CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch @@ -0,0 +1,33 @@ +From a660e3de422731b94d4a134d27555430cbb6fb39 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <[email protected]> +Date: Fri, 26 Aug 2016 00:23:27 +0200 +Subject: [PATCH] [type1] Fix heap buffer overflow. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 + +* src/type1/t1load.c (parse_charstrings): Reject fonts that don't +contain glyph names. +--- + +diff --git a/src/type1/t1load.c b/src/type1/t1load.c +index c981adcf..f8bf3132 100644 +--- a/src/type1/t1load.c ++++ b/src/type1/t1load.c +@@ -1776,6 +1776,12 @@ + } + } + ++ if ( !n ) ++ { ++ error = FT_THROW( Invalid_File_Format ); ++ goto Fail; ++ } ++ + loader->num_glyphs = n; + + /* if /.notdef is found but does not occupy index 0, do our magic. */ +-- +2.11.0 +
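Review bot: in the t1load.c hunk of CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch, the new `if ( !n )` guard bails out with `goto Fail`, but the `Fail:` label and what it releases are outside the hunk's context; before accepting, confirm that the Fail path in the 2.6.3 copy of parse_charstrings frees whatever was allocated for the charstrings tables earlier in the function, so a rejected font errors out cleanly rather than leaking. The guard is placed correctly with respect to the visible context: it runs after the parse loop has finished counting glyph names into `n` and before `loader->num_glyphs = n;` and the `/.notdef` index-0 fix-up that follows, so the later code never sees a zero-glyph font. Since the upstream commit (index c981adcf..f8bf3132, dated Aug 2016) was made against a newer tree than 2.6.3, also check that quilt applies the hunk at `@@ -1776,6 +1776,12 @@` without fuzz or offset, and refresh the patch if it does not.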

