[Secure-testing-commits] r32539 - data/CVE

Salvatore Bonaccorso Sat, 28 Feb 2015 01:57:07 -0800

Author: carnil
Date: 2015-02-28 09:56:33 +0000 (Sat, 28 Feb 2015)
New Revision: 32539


Modified:
   data/CVE/list
Log:
freetype fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-28 09:53:30 UTC (rev 32538)
+++ data/CVE/list       2015-02-28 09:56:33 UTC (rev 32539)
@@ -1411,94 +1411,94 @@
 CVE-2014-9676
        RESERVED
 CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names 
by ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=151
 CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in 
FreeType ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=153
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
 CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function 
in ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=154
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
 CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in 
...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=155
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
 CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in 
pcf/pcfread.c ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=157
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
 CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings 
function ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=158
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
 CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 
2.5.4 ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=163
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
 CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 
2.5.4 ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        [wheezy] - freetype <not-affected> (Vulnerable code not present)
        [squeeze] - freetype <not-affected> (Vulnerable code not present)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=164
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with 
offset+length ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=166
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
 CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType 
before ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=167
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
 CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 
2.5.4 ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=168
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
 CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data 
during ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=183
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
 CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType 
before ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=184
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
 CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the 
return ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        [wheezy] - freetype <not-affected> (Vulnerable code not present)
        [squeeze] - freetype <not-affected> (Vulnerable code not present)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=185
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
 CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider 
that ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=187
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
 CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType 
before ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=188
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
 CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType 
before ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        [wheezy] - freetype <not-affected> (vulnerable code not present and 
thus incomplete fix not applied as well)
        [squeeze] - freetype <not-affected> (vulnerable code not present and 
thus incomplete fix not applied as well)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=190
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
        NOTE: CVE due to incomplete fix for CVE-2014-2240
 CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType 
before ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=194
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
 CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in 
FreeType ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=195
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
 CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in 
FreeType ...)
-       - freetype <unfixed> (bug #777656)
+       - freetype 2.5.2-3 (bug #777656)
        NOTE: 
http://code.google.com/p/google-security-research/issues/detail?id=196
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
 CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r32539 - data/CVE

Reply via email to