freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low * SECURITY UPDATE: possible arbitrary code execution via buffer overflow in CFF Type2 CharStrings interpreter (LP: #617019) - debian/patches-freetype/CVE-2010-1797.patch: check number of operands in src/cff/cffgload.c. - CVE-2010-1797 * SECURITY UPDATE: possible arbitrary code execution via buffer overflow in the ftmulti demo program (LP: #617019) - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust sizes in src/ftmulti.c. - CVE-2010-2541 * SECURITY UPDATE: possible arbitrary code execution via improper bounds checking (LP: #617019) - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in src/base/ftstream.c. - CVE-2010-2805 * SECURITY UPDATE: possible arbitrary code execution via improper bounds checking (LP: #617019) - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in src/type42/t42parse.c. - CVE-2010-2806 * SECURITY UPDATE: possible arbitrary code execution via improper type comparisons (LP: #617019) - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*. - CVE-2010-2807 * SECURITY UPDATE: possible arbitrary code execution via memory corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019) - debian/patches-freetype/CVE-2010-2808.patch: check rlen in src/base/ftobjs.c. - CVE-2010-2808 * SECURITY UPDATE: denial of service via bdf font (LP: #617019) - debian/patches-freetype/bug30135.patch: don't modify value in static string in src/bdf/bdflib.c.
Date: Fri, 13 Aug 2010 08:26:33 -0400 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/lucid/+source/freetype/2.3.11-1ubuntu2.2
Format: 1.8 Date: Fri, 13 Aug 2010 08:26:33 -0400 Source: freetype Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb Architecture: source Version: 2.3.11-1ubuntu2.2 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: freetype2-demos - FreeType 2 demonstration programs libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb) Launchpad-Bugs-Fixed: 617019 617019 617019 617019 617019 617019 617019 Changes: freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low . * SECURITY UPDATE: possible arbitrary code execution via buffer overflow in CFF Type2 CharStrings interpreter (LP: #617019) - debian/patches-freetype/CVE-2010-1797.patch: check number of operands in src/cff/cffgload.c. - CVE-2010-1797 * SECURITY UPDATE: possible arbitrary code execution via buffer overflow in the ftmulti demo program (LP: #617019) - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust sizes in src/ftmulti.c. - CVE-2010-2541 * SECURITY UPDATE: possible arbitrary code execution via improper bounds checking (LP: #617019) - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in src/base/ftstream.c. - CVE-2010-2805 * SECURITY UPDATE: possible arbitrary code execution via improper bounds checking (LP: #617019) - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in src/type42/t42parse.c. - CVE-2010-2806 * SECURITY UPDATE: possible arbitrary code execution via improper type comparisons (LP: #617019) - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*. - CVE-2010-2807 * SECURITY UPDATE: possible arbitrary code execution via memory corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019) - debian/patches-freetype/CVE-2010-2808.patch: check rlen in src/base/ftobjs.c. - CVE-2010-2808 * SECURITY UPDATE: denial of service via bdf font (LP: #617019) - debian/patches-freetype/bug30135.patch: don't modify value in static string in src/bdf/bdflib.c. Checksums-Sha1: a92a17ff1013d1fbba116275059d0398b5b5c577 1313 freetype_2.3.11-1ubuntu2.2.dsc b28ba9f2396e3b564ea3e0fadf3d47e6c2ce11be 41646 freetype_2.3.11-1ubuntu2.2.diff.gz Checksums-Sha256: 52027c94a457477c70a6c087e97f38afcf33008b3b3dd08c3ea746b7125b8abd 1313 freetype_2.3.11-1ubuntu2.2.dsc 2596355a23e440541429bd85024d04cc1c72131ad3080390543985f5a60898c6 41646 freetype_2.3.11-1ubuntu2.2.diff.gz Files: b7b625334a0d9c926bf34cc83dcc904c 1313 libs optional freetype_2.3.11-1ubuntu2.2.dsc 9b97425327300eda74c492034fed50ad 41646 libs optional freetype_2.3.11-1ubuntu2.2.diff.gz Original-Maintainer: Steve Langasek <vor...@debian.org>
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes