subject:"\[Touch\-packages\] \[Bug 1449225\] Re\: Backport #41309 \( 8b281f83e \) to fix use of uninitialized data."

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-13 Thread Marc Deslauriers

** Changed in: freetype (Ubuntu Trusty)
 Assignee: lava (lavasanjay) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Fix Released
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Utopic:
  Won't Fix
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-12 Thread lava

** Changed in: freetype (Ubuntu Trusty)
 Assignee: (unassigned) => lava (lavasanjay)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Fix Released
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Utopic:
  Won't Fix
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-10 Thread Launchpad Bug Tracker

This bug was fixed in the package freetype - 2.5.2-1ubuntu2.5

---
freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
  uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
  src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
  invalid charcode in src/type1/t1load.c.
- No CVE number

 -- Marc Deslauriers   Thu, 10 Sep 2015
07:09:04 -0400

** Changed in: freetype (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-10 Thread Launchpad Bug Tracker

This bug was fixed in the package freetype - 2.5.2-2ubuntu3.1

---
freetype (2.5.2-2ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
  uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
  src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
  invalid charcode in src/type1/t1load.c.
- No CVE number

 -- Marc Deslauriers   Thu, 10 Sep 2015
07:07:57 -0400

** Changed in: freetype (Ubuntu Vivid)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Confirmed
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-10 Thread Launchpad Bug Tracker

This bug was fixed in the package freetype - 2.4.8-1ubuntu2.3

---
freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
  uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
  src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
  invalid charcode in src/type1/t1load.c.
- No CVE number

 -- Marc Deslauriers   Thu, 10 Sep 2015
07:10:41 -0400

** Changed in: freetype (Ubuntu Precise)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Fix Released
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Utopic:
  Won't Fix
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-09-10 Thread Marc Deslauriers

** Changed in: freetype (Ubuntu Utopic)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Fix Released
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Utopic:
  Won't Fix
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-05-27 Thread Launchpad Bug Tracker

** Branch linked: lp:ubuntu/freetype

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Confirmed
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Confirmed
Status in freetype source package in Wily:
  Fix Released

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-05-23 Thread Launchpad Bug Tracker

This bug was fixed in the package freetype - 2.5.2-4ubuntu1

---
freetype (2.5.2-4ubuntu1) wily; urgency=medium

  * Merge from Debian unstable, remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
  revert commit Fix metrics on size request for scalable fonts.,
  which breaks gtk underlining markups
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/config headers into the multiarch include path
  and provide symlinks in /usr/include.
- debian/patches-freetype/multi-thread-violations.patch: fix
  multithread violations
  * Dropped changes, included in Debian:
- debian/patches-freetype/CVE-2014-96xx/*
  * debian/patches-freetype/savannah-bug-41309.patch: fix use of
uninitialized data. (LP: #1449225)

freetype (2.5.2-4) unstable; urgency=medium

  * Fix Savannah bug #43774. Closes #780143.
  * Release 2.5.2-4

freetype (2.5.2-3) unstable; urgency=medium

  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
too long tracing messages. CVS-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables to 
read the lengths in POST fragments. CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
a broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
CVE-2014-9665-fixup
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.

 -- Marc Deslauriers marc.deslauri...@ubuntu.com  Fri, 22 May 2015
11:03:23 -0400

** Changed in: freetype (Ubuntu Wily)
   Status: Confirmed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0674

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9656

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9657

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9658

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9659

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9660

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9661

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9662

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9663

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9664

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9665

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9666

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9667

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9668

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9669

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9670

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9671

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9672

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9673

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9674

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9675

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-05-22 Thread Marc Deslauriers

** Information type changed from Private Security to Public Security

** Also affects: freetype (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Changed in: freetype (Ubuntu Precise)
   Status: New = Confirmed

** Changed in: freetype (Ubuntu Trusty)
   Status: New = Confirmed

** Changed in: freetype (Ubuntu Utopic)
   Status: New = Confirmed

** Changed in: freetype (Ubuntu Vivid)
   Status: New = Confirmed

** Changed in: freetype (Ubuntu Wily)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Confirmed
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Confirmed
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Confirmed
Status in freetype source package in Wily:
  Confirmed

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

2015-05-22 Thread Ubuntu Foundations Team Bug Bot

The attachment 0001-Fix-Savannah-bug-41309.patch seems to be a patch.
If it isn't, please remove the patch flag from the attachment, remove
the patch tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Confirmed
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Confirmed
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Confirmed
Status in freetype source package in Wily:
  Confirmed

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

[Touch-packages] [Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

10 matches

Site Navigation

Mail list logo

Footer information