[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
** Changed in: freetype (Ubuntu Trusty)
     Assignee: lava (lavasanjay) => (unassigned)

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu: Fix Released
Status in freetype source package in Precise: Fix Released
Status in freetype source package in Trusty: Fix Released
Status in freetype source package in Utopic: Won't Fix
Status in freetype source package in Vivid: Fix Released
Status in freetype source package in Wily: Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 .
  This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ).

  This is a fix for a few use of uninitialized data bugs which were
  found by msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected.

  Since this fixes reads of uninitialized memory in a widely used
  package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
** Changed in: freetype (Ubuntu Trusty)
     Assignee: (unassigned) => lava (lavasanjay)

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
This bug was fixed in the package freetype - 2.5.2-1ubuntu2.5

---
freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers  Thu, 10 Sep 2015 07:09:04 -0400

** Changed in: freetype (Ubuntu Trusty)
       Status: Confirmed => Fix Released

Status in freetype package in Ubuntu: Fix Released
Status in freetype source package in Precise: Confirmed
Status in freetype source package in Trusty: Fix Released
Status in freetype source package in Utopic: Confirmed
Status in freetype source package in Vivid: Fix Released
Status in freetype source package in Wily: Fix Released

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
This bug was fixed in the package freetype - 2.5.2-2ubuntu3.1

---
freetype (2.5.2-2ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers  Thu, 10 Sep 2015 07:07:57 -0400

** Changed in: freetype (Ubuntu Vivid)
       Status: Confirmed => Fix Released

Status in freetype package in Ubuntu: Fix Released
Status in freetype source package in Precise: Confirmed
Status in freetype source package in Trusty: Confirmed
Status in freetype source package in Utopic: Confirmed
Status in freetype source package in Vivid: Fix Released
Status in freetype source package in Wily: Fix Released

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
This bug was fixed in the package freetype - 2.4.8-1ubuntu2.3

---
freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers  Thu, 10 Sep 2015 07:10:41 -0400

** Changed in: freetype (Ubuntu Precise)
       Status: Confirmed => Fix Released

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
** Changed in: freetype (Ubuntu Utopic)
       Status: Confirmed => Won't Fix

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
** Branch linked: lp:ubuntu/freetype

Status in freetype package in Ubuntu: Fix Released
Status in freetype source package in Precise: Confirmed
Status in freetype source package in Trusty: Confirmed
Status in freetype source package in Utopic: Confirmed
Status in freetype source package in Vivid: Confirmed
Status in freetype source package in Wily: Fix Released

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
This bug was fixed in the package freetype - 2.5.2-4ubuntu1

---
freetype (2.5.2-4ubuntu1) wily; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch: revert
      commit Fix metrics on size request for scalable fonts., which
      breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include
      path and provide symlinks in /usr/include.
    - debian/patches-freetype/multi-thread-violations.patch: fix
      multithread violations
  * Dropped changes, included in Debian:
    - debian/patches-freetype/CVE-2014-96xx/*
  * debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data. (LP: #1449225)

freetype (2.5.2-4) unstable; urgency=medium

  * Fix Savannah bug #43774. Closes #780143.
  * Release 2.5.2-4

freetype (2.5.2-3) unstable; urgency=medium

  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
    in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
    too long tracing messages. CVS-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long
    variables to read the lengths in POST fragments.
    CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by a
    broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
    CVE-2014-9665-fixup
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.

 -- Marc Deslauriers marc.deslauri...@ubuntu.com  Fri, 22 May 2015 11:03:23 -0400

** Changed in: freetype (Ubuntu Wily)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0674
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9656
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9657
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9658
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9659
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9660
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9661
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9662
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9663
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9664
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9665
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9666
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9667
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9668
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9669
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9670
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9671
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9672
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9673
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9674
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9675

Status in freetype package in Ubuntu: Fix Released
Status in freetype source package in Precise:

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
** Information type changed from Private Security to Public Security

** Also affects: freetype (Ubuntu Wily)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Changed in: freetype (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Utopic)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Vivid)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Wily)
       Status: New => Confirmed

Status in freetype package in Ubuntu: Confirmed
Status in freetype source package in Precise: Confirmed
Status in freetype source package in Trusty: Confirmed
Status in freetype source package in Utopic: Confirmed
Status in freetype source package in Vivid: Confirmed
Status in freetype source package in Wily: Confirmed

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
The attachment 0001-Fix-Savannah-bug-41309.patch seems to be a patch.
If it isn't, please remove the patch flag from the attachment, remove
the patch tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch